Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/1067957?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1067957?format=api", "purl": "pkg:gem/zlib@3.2.3", "type": "gem", "namespace": "", "name": "zlib", "version": "3.2.3", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90861?format=api", "vulnerability_id": "VCID-sfzh-hn56-hbak", "summary": "Buffer overflow vulnerability in Zlib::GzipReader\nA buffer overflow vulnerability exists in Zlib::GzipReader.\nThis vulnerability has been assigned the CVE identifier\nCVE-2026-27820. We recommend upgrading the zlib gem.\n\n## Details\n\nThe zstream_buffer_ungets function prepends caller-provided bytes\nahead of previously produced output but fails to guarantee the\nbacking Ruby string has enough capacity before the memmove shifts\nthe existing data. This can lead to memory corruption when the\nbuffer length exceeds capacity.\n\n## Recommended action\n\nWe recommend to update the zlib gem to version 3.2.3 or later.\nIn order to ensure compatibility with bundled version in older\nRuby series, you may update as follows instead:\n\n* For Ruby 3.2 users: Update to zlib 3.0.1\n* For Ruby 3.3 users: Update to zlib 3.1.2\n* You can use gem update zlib to update it. If you are using\n bundler, please add gem \"zlib\", \">= 3.2.3\" to your Gemfile.\n\n## Affected versions:\n\nzlib gem 3.2.2 or lower\n\n## Credits\n\nThanks to calysteon for reporting this issue. 
Also thanks to\nnobu for creating the patch.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27820.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27820.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27820", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02126", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02466", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04667", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04633", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12746", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27820" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27820", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27820" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/zlib/CVE-2026-27820.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", 
"scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/zlib/CVE-2026-27820.yml" }, { "reference_url": "https://github.com/ruby/zlib", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ruby/zlib" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27820", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27820" }, { "reference_url": "https://www.ruby-lang.org/en/news/2026/03/05/buffer-overflow-zlib-cve-2026-27820", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.ruby-lang.org/en/news/2026/03/05/buffer-overflow-zlib-cve-2026-27820" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134341", "reference_id": "1134341", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134341" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459002", "reference_id": "2459002", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459002" }, { "reference_url": 
"https://hackerone.com/reports/3467067", "reference_id": "3467067", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T18:20:13Z/" } ], "url": "https://hackerone.com/reports/3467067" }, { "reference_url": "https://github.com/advisories/GHSA-g857-hhfv-j68w", "reference_id": "GHSA-g857-hhfv-j68w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g857-hhfv-j68w" }, { "reference_url": "https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w", "reference_id": "GHSA-g857-hhfv-j68w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T18:20:13Z/" } ], "url": "https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7305", "reference_id": "RHSA-2026:7305", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7305" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2026:7307", "reference_id": "RHSA-2026:7307", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7307" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8838", "reference_id": "RHSA-2026:8838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8838" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1067959?format=api", "purl": "pkg:gem/zlib@3.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/zlib@3.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067958?format=api", "purl": "pkg:gem/zlib@3.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/zlib@3.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067957?format=api", "purl": "pkg:gem/zlib@3.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/zlib@3.2.3" } ], "aliases": [ "CVE-2026-27820", "GHSA-g857-hhfv-j68w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sfzh-hn56-hbak" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/zlib@3.2.3" }