GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/91377?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91377?format=api",
    "vulnerability_id": "VCID-b2g8-vfaw-fqbd",
    "summary": "The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field.",
    "aliases": [
        {
            "alias": "CVE-2005-1807"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/928208?format=api",
            "purl": "pkg:deb/debian/libphp-phpmailer@1.73?distro=trixie",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@1.73%3Fdistro=trixie"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/928209?format=api",
            "purl": "pkg:deb/debian/libphp-phpmailer@6.2.0-2?distro=trixie",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-jca1-hyks-kud3"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@6.2.0-2%3Fdistro=trixie"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/928207?format=api",
            "purl": "pkg:deb/debian/libphp-phpmailer@6.6.3-1?distro=trixie",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@6.6.3-1%3Fdistro=trixie"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/928210?format=api",
            "purl": "pkg:deb/debian/libphp-phpmailer@6.9.3-1?distro=trixie",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@6.9.3-1%3Fdistro=trixie"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-1807",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "0.15352",
                    "scoring_system": "epss",
                    "scoring_elements": "0.94603",
                    "published_at": "2026-04-01T12:55:00Z"
                },
                {
                    "value": "0.15352",
                    "scoring_system": "epss",
                    "scoring_elements": "0.94611",
                    "published_at": "2026-04-02T12:55:00Z"
                },
                {
                    "value": "0.1638",
                    "scoring_system": "epss",
                    "scoring_elements": "0.94844",
                    "published_at": "2026-04-07T12:55:00Z"
                },
                {
                    "value": "0.1638",
                    "scoring_system": "epss",
                    "scoring_elements": "0.94853",
                    "published_at": "2026-04-08T12:55:00Z"
                },
                {
                    "value": "0.1638",
                    "scoring_system": "epss",
                    "scoring_elements": "0.94857",
                    "published_at": "2026-04-09T12:55:00Z"
                },
                {
                    "value": "0.1638",
                    "scoring_system": "epss",
                    "scoring_elements": "0.94862",
                    "published_at": "2026-04-11T12:55:00Z"
                },
                {
                    "value": "0.1638",
                    "scoring_system": "epss",
                    "scoring_elements": "0.94864",
                    "published_at": "2026-04-12T12:55:00Z"
                },
                {
                    "value": "0.1638",
                    "scoring_system": "epss",
                    "scoring_elements": "0.94866",
                    "published_at": "2026-04-13T12:55:00Z"
                },
                {
                    "value": "0.1638",
                    "scoring_system": "epss",
                    "scoring_elements": "0.94873",
                    "published_at": "2026-04-16T12:55:00Z"
                },
                {
                    "value": "0.1638",
                    "scoring_system": "epss",
                    "scoring_elements": "0.94877",
                    "published_at": "2026-04-18T12:55:00Z"
                },
                {
                    "value": "0.1638",
                    "scoring_system": "epss",
                    "scoring_elements": "0.94881",
                    "published_at": "2026-04-21T12:55:00Z"
                },
                {
                    "value": "0.1638",
                    "scoring_system": "epss",
                    "scoring_elements": "0.94882",
                    "published_at": "2026-04-24T12:55:00Z"
                },
                {
                    "value": "0.1638",
                    "scoring_system": "epss",
                    "scoring_elements": "0.94841",
                    "published_at": "2026-04-04T12:55:00Z"
                }
            ],
            "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-1807"
        },
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1807",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1807"
        },
        {
            "reference_url": "http://seclists.org/lists/bugtraq/2005/May/0337.html",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "http://seclists.org/lists/bugtraq/2005/May/0337.html"
        },
        {
            "reference_url": "http://secunia.com/advisories/15543",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "http://secunia.com/advisories/15543"
        },
        {
            "reference_url": "http://secunia.com/advisories/18732",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "http://secunia.com/advisories/18732"
        },
        {
            "reference_url": "http://secunia.com/advisories/25726",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "http://secunia.com/advisories/25726"
        },
        {
            "reference_url": "http://securitytracker.com/id?1014069",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "http://securitytracker.com/id?1014069"
        },
        {
            "reference_url": "http://sourceforge.net/project/shownotes.php?release_id=341210&group_id=26031",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=341210&group_id=26031"
        },
        {
            "reference_url": "http://www.cybsec.com/vuln/PHPMailer-DOS.pdf",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "http://www.cybsec.com/vuln/PHPMailer-DOS.pdf"
        },
        {
            "reference_url": "http://www.securityfocus.com/bid/13805",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "http://www.securityfocus.com/bid/13805"
        },
        {
            "reference_url": "http://www.vupen.com/english/advisories/2006/0448",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "http://www.vupen.com/english/advisories/2006/0448"
        },
        {
            "reference_url": "http://www.vupen.com/english/advisories/2007/2242",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "http://www.vupen.com/english/advisories/2007/2242"
        },
        {
            "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmailer:phpmailer:*:*:*:*:*:*:*:*",
            "reference_id": "cpe:2.3:a:phpmailer:phpmailer:*:*:*:*:*:*:*:*",
            "reference_type": "",
            "scores": [],
            "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmailer:phpmailer:*:*:*:*:*:*:*:*"
        },
        {
            "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1807",
            "reference_id": "CVE-2005-1807",
            "reference_type": "",
            "scores": [
                {
                    "value": "5.0",
                    "scoring_system": "cvssv2",
                    "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
                }
            ],
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1807"
        },
        {
            "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/25752.txt",
            "reference_id": "CVE-2005-1807;OSVDB-16935",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/25752.txt"
        },
        {
            "reference_url": "https://www.securityfocus.com/bid/13805/info",
            "reference_id": "CVE-2005-1807;OSVDB-16935",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://www.securityfocus.com/bid/13805/info"
        }
    ],
    "weaknesses": [],
    "exploits": [
        {
            "date_added": "2005-05-28",
            "description": "PHPMailer 1.7 - 'Data()' Remote Denial of Service",
            "required_action": null,
            "due_date": null,
            "notes": null,
            "known_ransomware_campaign_use": true,
            "source_date_published": "2005-05-28",
            "exploit_type": "dos",
            "platform": "php",
            "source_date_updated": "2017-06-22",
            "data_source": "Exploit-DB",
            "source_url": "https://www.securityfocus.com/bid/13805/info"
        }
    ],
    "severity_range_score": "5.0 - 5.0",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b2g8-vfaw-fqbd"
}