Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1021262?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1021262?format=api", "purl": "pkg:apk/alpine/nodejs@14.15.5-r0?arch=armv7&distroversion=v3.18&reponame=main", "type": "apk", "namespace": "alpine", "name": "nodejs", "version": "14.15.5-r0", "qualifiers": { "arch": "armv7", "distroversion": "v3.18", "reponame": "main" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "14.16.0-r0", "latest_non_vulnerable_version": "18.20.1-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61944?format=api", "vulnerability_id": "VCID-qaft-n356-tugs", "summary": "Multiple vulnerabilities have been found in Chromium and Google\n Chrome, the worst of which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.24871", "scoring_system": "epss", "scoring_elements": "0.96119", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.24871", "scoring_system": "epss", "scoring_elements": "0.96126", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.24871", "scoring_system": "epss", "scoring_elements": "0.96133", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.24871", "scoring_system": "epss", "scoring_elements": "0.96138", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.24871", "scoring_system": "epss", "scoring_elements": "0.96148", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.24871", "scoring_system": "epss", "scoring_elements": "0.96152", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.24871", "scoring_system": "epss", "scoring_elements": "0.96154", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.24871", "scoring_system": "epss", "scoring_elements": "0.96155", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.24871", "scoring_system": "epss", "scoring_elements": "0.96164", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.24871", "scoring_system": "epss", "scoring_elements": "0.96168", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.24871", "scoring_system": "epss", "scoring_elements": "0.96169", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.24871", "scoring_system": "epss", "scoring_elements": "0.96172", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.24871", "scoring_system": "epss", "scoring_elements": "0.96173", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21148" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21148", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21148" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21149", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21149" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21150", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21150" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21151", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21151" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21153", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21153" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21157" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://crbug.com/1170176", "reference_id": "1170176", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:55:23Z/" } ], "url": "https://crbug.com/1170176" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ACWYJ74Z3YN2XH4QMUEGNBC3VXX464L/", "reference_id": "7ACWYJ74Z3YN2XH4QMUEGNBC3VXX464L", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:55:23Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ACWYJ74Z3YN2XH4QMUEGNBC3VXX464L/" }, { "reference_url": "https://security.archlinux.org/ASA-202102-4", "reference_id": "ASA-202102-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-4" }, { "reference_url": "https://security.archlinux.org/ASA-202102-6", "reference_id": "ASA-202102-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUQSMNV7INLDDSD3RKI5S5EAULX2QC7P/", "reference_id": "AUQSMNV7INLDDSD3RKI5S5EAULX2QC7P", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:55:23Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUQSMNV7INLDDSD3RKI5S5EAULX2QC7P/" }, { "reference_url": "https://security.archlinux.org/AVG-1478", "reference_id": "AVG-1478", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1478" }, { "reference_url": "https://security.archlinux.org/AVG-1525", "reference_id": "AVG-1525", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1525" }, { "reference_url": "http://packetstormsecurity.com/files/162579/Chrome-Array-Transfer-Bypass.html", "reference_id": "Chrome-Array-Transfer-Bypass.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:55:23Z/" } ], "url": "http://packetstormsecurity.com/files/162579/Chrome-Array-Transfer-Bypass.html" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4858", "reference_id": "dsa-4858", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:55:23Z/" } ], "url": "https://www.debian.org/security/2021/dsa-4858" }, { "reference_url": "https://security.gentoo.org/glsa/202104-08", "reference_id": "GLSA-202104-08", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:55:23Z/" } ], "url": "https://security.gentoo.org/glsa/202104-08" }, { "reference_url": "https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html", "reference_id": "stable-channel-update-for-desktop_4.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:55:23Z/" } ], "url": "https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1021262?format=api", "purl": "pkg:apk/alpine/nodejs@14.15.5-r0?arch=armv7&distroversion=v3.18&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@14.15.5-r0%3Farch=armv7&distroversion=v3.18&reponame=main" } ], "aliases": [ "CVE-2021-21148" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qaft-n356-tugs" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@14.15.5-r0%3Farch=armv7&distroversion=v3.18&reponame=main" }