Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/55042?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55042?format=api", "vulnerability_id": "VCID-rd6j-u6sd-c3f6", "summary": "Denial of Service in jsonparser\njsonparser before 1.1.1 allows attackers to cause a denial of service via a GET call.", "aliases": [ { "alias": "CVE-2020-35381" }, { "alias": "GHSA-8vrw-m3j9-j27c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923877?format=api", "purl": "pkg:deb/debian/golang-github-buger-jsonparser@1.1.1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gj4-t3v3-gyhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-buger-jsonparser@1.1.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1054812?format=api", "purl": "pkg:deb/debian/golang-github-buger-jsonparser@1.1.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gj4-t3v3-gyhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-buger-jsonparser@1.1.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/923875?format=api", "purl": "pkg:deb/debian/golang-github-buger-jsonparser@1.1.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gj4-t3v3-gyhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-buger-jsonparser@1.1.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923878?format=api", "purl": "pkg:deb/debian/golang-github-buger-jsonparser@1.1.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-buger-jsonparser@1.1.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1102931?format=api", "purl": "pkg:deb/debian/golang-github-buger-jsonparser@1.2.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-buger-jsonparser@1.2.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/82223?format=api", "purl": "pkg:golang/github.com/buger/jsonparser@1.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/buger/jsonparser@1.1.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1054811?format=api", "purl": "pkg:deb/debian/golang-github-buger-jsonparser@0.0~git20170705.0.9addec9-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rd6j-u6sd-c3f6" }, { "vulnerability": "VCID-xur8-yfek-dkgd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-buger-jsonparser@0.0~git20170705.0.9addec9-2" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35381.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35381.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47438", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47447", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47478", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47499", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47449", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47503", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.475", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47522", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47498", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47505", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47564", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47557", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47509", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47507", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47455", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47372", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35381" }, { "reference_url": "https://github.com/buger/jsonparser", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/buger/jsonparser" }, { "reference_url": "https://github.com/buger/jsonparser/commit/df3ea76ece10095374fd1c9a22a4fb85a44efc42", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/buger/jsonparser/commit/df3ea76ece10095374fd1c9a22a4fb85a44efc42" }, { "reference_url": "https://github.com/buger/jsonparser/issues/219", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/buger/jsonparser/issues/219" }, { "reference_url": "https://github.com/buger/jsonparser/pull/221", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/buger/jsonparser/pull/221" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27EA7OGCELV7QFAGVIHODHWKMKGFVIUZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27EA7OGCELV7QFAGVIHODHWKMKGFVIUZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJO5N7YTDEUSTKYTNA372CE6VHCZJWUG", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJO5N7YTDEUSTKYTNA372CE6VHCZJWUG" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35381", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35381" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2021-0057", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2021-0057" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908451", "reference_id": "1908451", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908451" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978445", "reference_id": "978445", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978445" } ], "weaknesses": [ { "cwe_id": 125, "name": "Out-of-bounds Read", "description": "The product reads data past the end, or before the beginning, of the intended buffer." }, { "cwe_id": 129, "name": "Improper Validation of Array Index", "description": "The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rd6j-u6sd-c3f6" }