Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/33?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33?format=api", "vulnerability_id": "VCID-suwa-7cxc-3ug8", "summary": "", "aliases": [ { "alias": "CVE-2006-5229" } ], "fixed_packages": [], "affected_packages": [], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5229.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5229.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-5229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.56627", "scoring_system": "epss", "scoring_elements": "0.98165", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.56627", "scoring_system": "epss", "scoring_elements": "0.98172", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.56627", "scoring_system": "epss", "scoring_elements": "0.98173", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-5229" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "weaknesses": [], "exploits": [ { "date_added": null, "description": "This module uses a malformed packet or timing attack to enumerate users on\n an OpenSSH server.\n\n The default action sends a malformed (corrupted) SSH_MSG_USERAUTH_REQUEST\n packet using public key authentication (must be enabled) to enumerate users.\n\n On some versions of OpenSSH under some configurations, OpenSSH will return a\n \"permission denied\" error for an invalid user faster than for a valid user,\n creating an opportunity for a timing attack to enumerate users.\n\n Testing note: invalid users were logged, while valid users were not. YMMV.", "required_action": null, "due_date": null, "notes": "Stability:\n - crash-service-down\nReliability: []\nSideEffects:\n - ioc-in-logs\n - account-lockouts\n", "known_ransomware_campaign_use": false, "source_date_published": null, "exploit_type": null, "platform": "", "source_date_updated": null, "data_source": "Metasploit", "source_url": "https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/ssh/ssh_enumusers.rb" }, { "date_added": "2007-02-12", "description": "Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack", "required_action": null, "due_date": null, "notes": null, "known_ransomware_campaign_use": true, "source_date_published": "2007-02-13", "exploit_type": "remote", "platform": "multiple", "source_date_updated": "2016-09-27", "data_source": "Exploit-DB", "source_url": "" } ], "severity_range_score": "5.3 - 5.3", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-suwa-7cxc-3ug8" }