Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/36875?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36875?format=api", "vulnerability_id": "VCID-q3z8-83e9-ryf9", "summary": "Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All supported branches of Galaxy (and more back to release_20.05) were amended with the supplied patches. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "aliases": [ { "alias": "CVE-2024-42346" }, { "alias": "GHSA-x6w7-3gwf-qr9r" }, { "alias": "PYSEC-2024-272" }, { "alias": "PYSEC-2024-273" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42627?format=api", "purl": "pkg:pypi/galaxy-auth@24.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@24.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42653?format=api", "purl": "pkg:pypi/galaxy-data@24.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@24.1.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42607?format=api", "purl": "pkg:pypi/galaxy-auth@20.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@20.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42608?format=api", "purl": "pkg:pypi/galaxy-auth@20.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@20.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42609?format=api", "purl": "pkg:pypi/galaxy-auth@21.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@21.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42610?format=api", "purl": "pkg:pypi/galaxy-auth@22.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@22.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42611?format=api", "purl": "pkg:pypi/galaxy-auth@23.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42612?format=api", "purl": "pkg:pypi/galaxy-auth@23.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/42613?format=api", "purl": "pkg:pypi/galaxy-auth@23.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/42614?format=api", "purl": "pkg:pypi/galaxy-auth@23.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/42615?format=api", "purl": "pkg:pypi/galaxy-auth@23.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/42616?format=api", "purl": "pkg:pypi/galaxy-auth@23.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/42617?format=api", "purl": "pkg:pypi/galaxy-auth@23.1.dev0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.1.dev0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42618?format=api", "purl": "pkg:pypi/galaxy-auth@23.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42619?format=api", "purl": "pkg:pypi/galaxy-auth@23.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/42620?format=api", "purl": "pkg:pypi/galaxy-auth@23.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/42621?format=api", "purl": "pkg:pypi/galaxy-auth@23.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/42622?format=api", "purl": "pkg:pypi/galaxy-auth@23.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42623?format=api", "purl": "pkg:pypi/galaxy-auth@24.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@24.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42624?format=api", "purl": "pkg:pypi/galaxy-auth@24.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@24.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42625?format=api", "purl": "pkg:pypi/galaxy-auth@24.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@24.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/42626?format=api", "purl": "pkg:pypi/galaxy-auth@24.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@24.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/42628?format=api", "purl": "pkg:pypi/galaxy-data@19.9.0.dev0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@19.9.0.dev0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42629?format=api", "purl": "pkg:pypi/galaxy-data@19.9.0.dev1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@19.9.0.dev1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42630?format=api", "purl": "pkg:pypi/galaxy-data@19.9.0.dev2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@19.9.0.dev2" }, { "url": "http://public2.vulnerablecode.io/api/packages/42631?format=api", "purl": "pkg:pypi/galaxy-data@19.9.0.dev3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@19.9.0.dev3" }, { "url": "http://public2.vulnerablecode.io/api/packages/42632?format=api", "purl": "pkg:pypi/galaxy-data@20.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@20.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42633?format=api", "purl": "pkg:pypi/galaxy-data@20.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@20.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42634?format=api", "purl": "pkg:pypi/galaxy-data@20.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@20.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42635?format=api", "purl": "pkg:pypi/galaxy-data@21.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@21.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42636?format=api", "purl": "pkg:pypi/galaxy-data@22.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@22.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42637?format=api", "purl": "pkg:pypi/galaxy-data@23.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42638?format=api", "purl": "pkg:pypi/galaxy-data@23.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/42639?format=api", "purl": "pkg:pypi/galaxy-data@23.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/42640?format=api", "purl": "pkg:pypi/galaxy-data@23.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/42641?format=api", "purl": "pkg:pypi/galaxy-data@23.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/42642?format=api", "purl": "pkg:pypi/galaxy-data@23.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/42643?format=api", "purl": "pkg:pypi/galaxy-data@23.1.dev0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.1.dev0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42644?format=api", "purl": "pkg:pypi/galaxy-data@23.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42645?format=api", "purl": "pkg:pypi/galaxy-data@23.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/42646?format=api", "purl": "pkg:pypi/galaxy-data@23.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/42647?format=api", "purl": "pkg:pypi/galaxy-data@23.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/42648?format=api", "purl": "pkg:pypi/galaxy-data@23.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42649?format=api", "purl": "pkg:pypi/galaxy-data@24.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@24.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42650?format=api", "purl": "pkg:pypi/galaxy-data@24.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@24.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42651?format=api", "purl": "pkg:pypi/galaxy-data@24.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@24.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/42652?format=api", "purl": "pkg:pypi/galaxy-data@24.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q3z8-83e9-ryf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@24.0.3" } ], "references": [ { "reference_url": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-x6w7-3gwf-qr9r", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-x6w7-3gwf-qr9r" } ], "weaknesses": [], "exploits": [], "severity_range_score": "5.4 - 5.4", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q3z8-83e9-ryf9" }