GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/79515?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79515?format=api",
    "vulnerability_id": "VCID-fnc6-wbe2-g3an",
    "summary": "security update",
    "aliases": [
        {
            "alias": "CVE-2022-26847"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/362233?format=api",
            "purl": "pkg:deb/debian/spip@3.2.11-3%2Bdeb11u10?distro=trixie",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16ur-bz47-tbhf"
                },
                {
                    "vulnerability": "VCID-1rpa-1a47-4kdh"
                },
                {
                    "vulnerability": "VCID-2dud-ys3n-aqeq"
                },
                {
                    "vulnerability": "VCID-2vt3-2dn9-qud9"
                },
                {
                    "vulnerability": "VCID-63dn-uysy-5qd7"
                },
                {
                    "vulnerability": "VCID-7vzq-9sk8-3fc4"
                },
                {
                    "vulnerability": "VCID-83k3-y2y7-t3dn"
                },
                {
                    "vulnerability": "VCID-88hp-dkae-1khj"
                },
                {
                    "vulnerability": "VCID-au53-rjar-yqdz"
                },
                {
                    "vulnerability": "VCID-f8jh-sgsn-mqgr"
                },
                {
                    "vulnerability": "VCID-gffw-8mya-xyhb"
                },
                {
                    "vulnerability": "VCID-hcqm-dw7s-v7cc"
                },
                {
                    "vulnerability": "VCID-kufx-hnax-77hg"
                },
                {
                    "vulnerability": "VCID-qbcv-7zaj-u7hw"
                },
                {
                    "vulnerability": "VCID-ybb8-uf41-uyg8"
                },
                {
                    "vulnerability": "VCID-zu4w-61q8-1uaz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@3.2.11-3%252Bdeb11u10%3Fdistro=trixie"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/362253?format=api",
            "purl": "pkg:deb/debian/spip@3.2.11-3%2Bdeb11u3?distro=trixie",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@3.2.11-3%252Bdeb11u3%3Fdistro=trixie"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/362254?format=api",
            "purl": "pkg:deb/debian/spip@4.0.5-1?distro=trixie",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@4.0.5-1%3Fdistro=trixie"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/362236?format=api",
            "purl": "pkg:deb/debian/spip@4.4.13%2Bdfsg-0%2Bdeb13u1?distro=trixie",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@4.4.13%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/362235?format=api",
            "purl": "pkg:deb/debian/spip@4.4.15%2Bdfsg-1?distro=trixie",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@4.4.15%252Bdfsg-1%3Fdistro=trixie"
        }
    ],
    "affected_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/371360?format=api",
            "purl": "pkg:composer/spip/spip@4.0.0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-4cyj-m5c1-sffs"
                },
                {
                    "vulnerability": "VCID-4pjp-c9f8-zkcj"
                },
                {
                    "vulnerability": "VCID-fnc6-wbe2-g3an"
                },
                {
                    "vulnerability": "VCID-h1cb-yt3w-1kb2"
                },
                {
                    "vulnerability": "VCID-p199-bctb-zkev"
                },
                {
                    "vulnerability": "VCID-tyxs-va7p-9qbp"
                },
                {
                    "vulnerability": "VCID-vtuw-zz4n-tked"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/spip/spip@4.0.0"
        }
    ],
    "references": [
        {
            "reference_url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html"
        },
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26846",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26846"
        },
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26847",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26847"
        },
        {
            "reference_url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2"
        },
        {
            "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html"
        },
        {
            "reference_url": "https://lists.debian.org/debian-security-announce/2022/msg00060.html",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://lists.debian.org/debian-security-announce/2022/msg00060.html"
        },
        {
            "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26847",
            "reference_id": "CVE-2022-26847",
            "reference_type": "",
            "scores": [],
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26847"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 1035,
            "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."
        },
        {
            "cwe_id": 200,
            "name": "Exposure of Sensitive Information to an Unauthorized Actor",
            "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information."
        },
        {
            "cwe_id": 937,
            "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."
        }
    ],
    "exploits": [],
    "severity_range_score": null,
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fnc6-wbe2-g3an"
}