GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/812?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/812?format=api",
    "vulnerability_id": "VCID-nqr4-3zsm-mkdw",
    "summary": "A crafted HTML email using mailbox:/// links can trigger automatic,\nunsolicited downloads of .pdf files to the user's desktop or home\ndirectory without prompting, even if auto-saving is disabled. This\nbehavior can be abused to fill the disk with garbage data (e.g. using\n/dev/urandom on Linux) or to leak Windows credentials via SMB links\nwhen the email is viewed in HTML mode. While user interaction is\nrequired to download the .pdf file, visual obfuscation can conceal\nthe download trigger. Viewing the email in HTML mode is enough to\nload external content.",
    "aliases": [
        {
            "alias": "CVE-2025-5986"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/498?format=api",
            "purl": "pkg:mozilla/Thunderbird@128.11.1",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@128.11.1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/504?format=api",
            "purl": "pkg:mozilla/Thunderbird@139.0.2",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@139.0.2"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-49",
            "reference_id": "mfsa2025-49",
            "reference_type": "",
            "scores": [
                {
                    "value": "high",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-49"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-50",
            "reference_id": "mfsa2025-50",
            "reference_type": "",
            "scores": [
                {
                    "value": "high",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-50"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": "7.0 - 8.9",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nqr4-3zsm-mkdw"
}