Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/50076?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50076?format=api", "vulnerability_id": "VCID-159v-wvt4-afhj", "summary": "Litestar's AllowedHosts has a validation bypass due to unescaped regex metacharacters in configured host patterns\nAllowedHosts host validation can be bypassed because configured host patterns are turned into regular expressions without escaping regex metacharacters (notably ., which matches any character). A configured allowlist entry like example.com can therefore match exampleXcom.", "aliases": [ { "alias": "CVE-2026-25479" }, { "alias": "GHSA-93ph-p7v4-hwh4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73945?format=api", "purl": "pkg:pypi/litestar@2.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/litestar@2.20.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73944?format=api", "purl": "pkg:pypi/litestar@2.19.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-159v-wvt4-afhj" }, { "vulnerability": "VCID-btyw-ukg5-2yb8" }, { "vulnerability": "VCID-nx6r-27da-k7gj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/litestar@2.19.0" } ], "references": [ { "reference_url": "https://github.com/litestar-org/litestar", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/litestar-org/litestar" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25479", "reference_id": "CVE-2026-25479", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25479" }, { "reference_url": "https://github.com/advisories/GHSA-93ph-p7v4-hwh4", "reference_id": "GHSA-93ph-p7v4-hwh4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-93ph-p7v4-hwh4" }, { "reference_url": "https://github.com/litestar-org/litestar/security/advisories/GHSA-93ph-p7v4-hwh4", "reference_id": 
"GHSA-93ph-p7v4-hwh4", "reference_type": "", "scores": [], "url": "https://github.com/litestar-org/litestar/security/advisories/GHSA-93ph-p7v4-hwh4" } ], "weaknesses": [ { "cwe_id": 185, "name": "Incorrect Regular Expression", "description": "The product specifies a regular expression in a way that causes data to be improperly matched or compared." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-159v-wvt4-afhj" }