Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/38738?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38738?format=api", "vulnerability_id": "VCID-j29w-xkdz-xybp", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of\n which could lead to remote execution of arbitrary code.", "aliases": [ { "alias": "CVE-2014-9425" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75327?format=api", "purl": "pkg:ebuild/dev-lang/php@5.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@5.5.21" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/117931?format=api", "purl": "pkg:rpm/redhat/php@5.3.3-46?arch=el6_6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r4w-2t4j-9yhj" }, { "vulnerability": "VCID-81ef-kadu-kyfh" }, { "vulnerability": "VCID-8fu6-sec8-xugs" }, { "vulnerability": "VCID-8kym-4nwh-aqfm" }, { "vulnerability": "VCID-9wvm-w1qk-xycw" }, { "vulnerability": "VCID-9zsz-se7t-rbg5" }, { "vulnerability": "VCID-c35h-fm6m-j7gk" }, { "vulnerability": "VCID-fnxb-3r49-qub2" }, { "vulnerability": "VCID-fprj-bhat-bbby" }, { "vulnerability": "VCID-hdhg-7jda-afdf" }, { "vulnerability": "VCID-hmwd-fxux-ykbf" }, { "vulnerability": "VCID-hsef-gdm7-zuah" }, { "vulnerability": "VCID-j1t5-sfn3-j3c1" }, { "vulnerability": "VCID-j29w-xkdz-xybp" }, { "vulnerability": "VCID-nemj-tdgu-mkbw" }, { "vulnerability": "VCID-nx82-guaw-r7fq" }, { "vulnerability": "VCID-pvgs-r3n3-63hj" }, { "vulnerability": "VCID-q9qf-ed58-3udx" }, { "vulnerability": "VCID-rdy9-wgqs-8qf4" }, { "vulnerability": "VCID-rnhz-y1dn-pqfg" }, { "vulnerability": "VCID-szdn-6512-gqff" }, { "vulnerability": "VCID-twxd-49gc-cybg" }, { "vulnerability": "VCID-tyzc-rq14-3kge" }, { "vulnerability": "VCID-vfhb-pq1c-qkfj" }, { "vulnerability": "VCID-yh5e-xrz5-e7h6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.3.3-46%3Farch=el6_6" } ], "references": [ { "reference_url": "http://advisories.mageia.org/MGASA-2015-0040.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://advisories.mageia.org/MGASA-2015-0040.html" }, { "reference_url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=24125f0f26f3787c006e4a51611ba33ee3b841cb", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=24125f0f26f3787c006e4a51611ba33ee3b841cb" }, { "reference_url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2bcf69d073190e4f032d883f3416dea1b027a39e", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2bcf69d073190e4f032d883f3416dea1b027a39e" }, { "reference_url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=fbf3a6bc1abcc8a5b5226b0ad9464c37f11ddbd6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=fbf3a6bc1abcc8a5b5226b0ad9464c37f11ddbd6" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2014/12/29/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2014/12/29/6" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1218.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-1218.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9425.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9425.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9425", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15502", "scoring_system": "epss", "scoring_elements": "0.94684", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.15502", "scoring_system": "epss", "scoring_elements": "0.94629", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.15502", "scoring_system": "epss", "scoring_elements": "0.94636", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.15502", "scoring_system": "epss", "scoring_elements": "0.94643", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.15502", "scoring_system": "epss", "scoring_elements": "0.94644", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.15502", "scoring_system": "epss", "scoring_elements": "0.94655", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.15502", "scoring_system": "epss", "scoring_elements": "0.94659", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.15502", "scoring_system": "epss", "scoring_elements": "0.94664", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.15502", "scoring_system": "epss", "scoring_elements": "0.94667", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.15502", "scoring_system": "epss", "scoring_elements": "0.94676", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.15502", "scoring_system": "epss", "scoring_elements": "0.94679", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9425" }, { "reference_url": "https://bugs.php.net/bug.php?id=68676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.php.net/bug.php?id=68676" }, { "reference_url": "https://support.apple.com/HT205267", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/HT205267" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "reference_url": "http://www.securityfocus.com/bid/71800", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/71800" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1177734", "reference_id": "1177734", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1177734" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9425", "reference_id": "CVE-2014-9425", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9425" }, { "reference_url": "https://security.gentoo.org/glsa/201503-03", "reference_id": "GLSA-201503-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1218", "reference_id": "RHSA-2015:1218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1218" } ], "weaknesses": [ { "cwe_id": 416, "name": "Use After Free", "description": "Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code." } ], "exploits": [], "severity_range_score": "7.5 - 7.5", "exploitability": "0.5", "weighted_severity": "6.8", "risk_score": 3.4, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j29w-xkdz-xybp" }