VulnerableCode.io REST API

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/71735?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71735?format=api",
    "vulnerability_id": "VCID-92sb-ymv3-wqeg",
    "summary": "Shynet before 0.14.0 allows Host header injection in the password reset flow.",
    "aliases": [
        {
            "alias": "CVE-2026-35507"
        }
    ],
    "fixed_packages": [],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35507",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "0.00018",
                    "scoring_system": "epss",
                    "scoring_elements": "0.05031",
                    "published_at": "2026-06-11T12:55:00Z"
                },
                {
                    "value": "0.00018",
                    "scoring_system": "epss",
                    "scoring_elements": "0.05034",
                    "published_at": "2026-06-12T12:55:00Z"
                }
            ],
            "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35507"
        },
        {
            "reference_url": "https://github.com/milesmcc/shynet/pull/345",
            "reference_id": "345",
            "reference_type": "",
            "scores": [
                {
                    "value": "6.4",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L"
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:21:40Z/"
                }
            ],
            "url": "https://github.com/milesmcc/shynet/pull/345"
        },
        {
            "reference_url": "https://github.com/milesmcc/shynet/releases/tag/v0.14.0",
            "reference_id": "v0.14.0",
            "reference_type": "",
            "scores": [
                {
                    "value": "6.4",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L"
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:21:40Z/"
                }
            ],
            "url": "https://github.com/milesmcc/shynet/releases/tag/v0.14.0"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 348,
            "name": "Use of Less Trusted Source",
            "description": "The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack."
        }
    ],
    "exploits": [],
    "severity_range_score": "6.4 - 6.4",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-92sb-ymv3-wqeg"
}

Vulnerability Instance