Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/34971?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34971?format=api", "vulnerability_id": "VCID-2n2r-fjmn-qfdw", "summary": "The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.", "aliases": [ { "alias": "CVE-2015-7337" }, { "alias": "GHSA-92mr-v722-f48m" }, { "alias": "PYSEC-2015-25" }, { "alias": "PYSEC-2015-27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/99689?format=api", "purl": "pkg:deb/debian/ipython@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ipython@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99686?format=api", "purl": "pkg:deb/debian/ipython@7.20.0-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ipython@7.20.0-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99684?format=api", "purl": "pkg:deb/debian/ipython@8.5.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ipython@8.5.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99688?format=api", "purl": "pkg:deb/debian/ipython@8.35.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ipython@8.35.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99687?format=api", "purl": "pkg:deb/debian/ipython@9.11.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ipython@9.11.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/192938?format=api", "purl": "pkg:ebuild/dev-python/ipython@3.2.1-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-python/ipython@3.2.1-r1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9049?format=api", "purl": "pkg:pypi/ipython@3.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ipython@3.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/9048?format=api", "purl": "pkg:pypi/notebook@4.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3bhm-ewdv-zbeq" }, { "vulnerability": "VCID-6kh1-gzxx-k7bs" }, { "vulnerability": "VCID-6y8s-qegb-ekde" }, { "vulnerability": "VCID-7r44-pfgv-vfhx" }, { "vulnerability": "VCID-a5v7-yux3-fqah" }, { "vulnerability": "VCID-cq6c-5wrp-6uf8" }, { "vulnerability": "VCID-d8dn-ga5x-pyc8" }, { "vulnerability": "VCID-ng3p-zbry-8fer" }, { "vulnerability": "VCID-ts53-zf55-zkcn" }, { "vulnerability": "VCID-v436-yfae-x7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@4.0.5" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9044?format=api", "purl": "pkg:pypi/notebook@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1m6w-n7j5-fbe6" }, { "vulnerability": "VCID-2n2r-fjmn-qfdw" }, { "vulnerability": "VCID-3bhm-ewdv-zbeq" }, { "vulnerability": "VCID-6kh1-gzxx-k7bs" }, { "vulnerability": "VCID-6y8s-qegb-ekde" }, { "vulnerability": "VCID-7adm-yra7-a3ht" }, { "vulnerability": "VCID-7r44-pfgv-vfhx" }, { "vulnerability": "VCID-a5v7-yux3-fqah" }, { "vulnerability": "VCID-cq6c-5wrp-6uf8" }, { "vulnerability": "VCID-d8dn-ga5x-pyc8" }, { "vulnerability": "VCID-ng3p-zbry-8fer" }, { "vulnerability": "VCID-ts53-zf55-zkcn" }, { "vulnerability": "VCID-v436-yfae-x7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@4.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/9045?format=api", "purl": "pkg:pypi/notebook@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1m6w-n7j5-fbe6" }, { "vulnerability": "VCID-2n2r-fjmn-qfdw" }, { "vulnerability": "VCID-3bhm-ewdv-zbeq" }, { "vulnerability": "VCID-6kh1-gzxx-k7bs" }, { "vulnerability": "VCID-6y8s-qegb-ekde" }, { "vulnerability": "VCID-7adm-yra7-a3ht" }, { "vulnerability": "VCID-7r44-pfgv-vfhx" }, { "vulnerability": "VCID-a5v7-yux3-fqah" }, { "vulnerability": "VCID-cq6c-5wrp-6uf8" }, { "vulnerability": "VCID-d8dn-ga5x-pyc8" }, { "vulnerability": "VCID-ng3p-zbry-8fer" }, { "vulnerability": "VCID-ts53-zf55-zkcn" }, { "vulnerability": "VCID-v436-yfae-x7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@4.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9046?format=api", "purl": "pkg:pypi/notebook@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1m6w-n7j5-fbe6" }, { "vulnerability": "VCID-2n2r-fjmn-qfdw" }, { "vulnerability": "VCID-3bhm-ewdv-zbeq" }, { "vulnerability": "VCID-6kh1-gzxx-k7bs" }, { "vulnerability": "VCID-6y8s-qegb-ekde" }, { "vulnerability": "VCID-7adm-yra7-a3ht" }, { "vulnerability": "VCID-7r44-pfgv-vfhx" }, { "vulnerability": "VCID-a5v7-yux3-fqah" }, { "vulnerability": "VCID-cq6c-5wrp-6uf8" }, { "vulnerability": "VCID-d8dn-ga5x-pyc8" }, { "vulnerability": "VCID-ng3p-zbry-8fer" }, { "vulnerability": "VCID-ts53-zf55-zkcn" }, { "vulnerability": "VCID-v436-yfae-x7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@4.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/9047?format=api", "purl": "pkg:pypi/notebook@4.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1m6w-n7j5-fbe6" }, { "vulnerability": "VCID-2n2r-fjmn-qfdw" }, { "vulnerability": "VCID-3bhm-ewdv-zbeq" }, { "vulnerability": "VCID-6kh1-gzxx-k7bs" }, { "vulnerability": "VCID-6y8s-qegb-ekde" }, { "vulnerability": "VCID-7r44-pfgv-vfhx" }, { "vulnerability": "VCID-a5v7-yux3-fqah" }, { "vulnerability": "VCID-cq6c-5wrp-6uf8" }, { "vulnerability": "VCID-d8dn-ga5x-pyc8" }, { "vulnerability": "VCID-ng3p-zbry-8fer" }, { "vulnerability": "VCID-ts53-zf55-zkcn" }, { "vulnerability": "VCID-v436-yfae-x7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@4.0.4" } ], "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7337", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00775", "scoring_system": "epss", "scoring_elements": "0.73969", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7337" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264067", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264067" }, { "reference_url": "http://seclists.org/oss-sec/2015/q3/558", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2015/q3/558" }, { "reference_url": "http://seclists.org/oss-sec/2015/q3/634", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2015/q3/634" }, { "reference_url": "https://github.com/advisories/GHSA-92mr-v722-f48m", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-92mr-v722-f48m" }, { "reference_url": "https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967" }, { "reference_url": "https://github.com/jupyter/notebook/commit/9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jupyter/notebook/commit/9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ipython/PYSEC-2015-25.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ipython/PYSEC-2015-25.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2015-27.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2015-27.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7337", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7337" }, { "reference_url": "https://security.gentoo.org/glsa/201512-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201512-02" } ], "weaknesses": [ { "cwe_id": 20, "name": "Improper Input Validation", "description": "The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly." } ], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": "0.5", "weighted_severity": "9.0", "risk_score": 4.5, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2n2r-fjmn-qfdw" }