Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/119787?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/119787?format=api", "purl": "pkg:deb/debian/nvi@1.81.6-23?distro=trixie", "type": "deb", "namespace": "debian", "name": "nvi", "version": "1.81.6-23", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.81.6-24", "latest_non_vulnerable_version": "1.81.6-24", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58557?format=api", "vulnerability_id": "VCID-rrcw-n2jt-sfde", "summary": "Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2305.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2305.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2305", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.22421", "scoring_system": "epss", "scoring_elements": "0.95937", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.22421", "scoring_system": "epss", "scoring_elements": "0.95942", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.22421", "scoring_system": "epss", "scoring_elements": "0.95945", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.22421", "scoring_system": "epss", "scoring_elements": "0.9595", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2305" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191049", "reference_id": "1191049", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191049" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397", "reference_id": "778397", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778402", "reference_id": "778402", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778402" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778406", "reference_id": "778406", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778406" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778408", "reference_id": "778408", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778408" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409", "reference_id": "778409", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778412", "reference_id": "778412", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1053", "reference_id": "RHSA-2015:1053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1053" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1066", "reference_id": "RHSA-2015:1066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1066" }, { "reference_url": "https://usn.ubuntu.com/2572-1/", "reference_id": "USN-2572-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2572-1/" }, { "reference_url": "https://usn.ubuntu.com/2594-1/", "reference_id": "USN-2594-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2594-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/119788?format=api", "purl": "pkg:deb/debian/nvi@1.81.6-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nvi@1.81.6-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/119784?format=api", "purl": "pkg:deb/debian/nvi@1.81.6-16?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nvi@1.81.6-16%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/119782?format=api", "purl": "pkg:deb/debian/nvi@1.81.6-17?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nvi@1.81.6-17%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/119787?format=api", "purl": "pkg:deb/debian/nvi@1.81.6-23?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nvi@1.81.6-23%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/119785?format=api", "purl": "pkg:deb/debian/nvi@1.81.6-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nvi@1.81.6-24%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-2305" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rrcw-n2jt-sfde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95635?format=api", "vulnerability_id": "VCID-ux5j-ch6z-kyf7", "summary": "Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2001-1562", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14894", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14979", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14976", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14936", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14854", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14879", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2001-1562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1562" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/119783?format=api", "purl": "pkg:deb/debian/nvi@1.79-16a.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nvi@1.79-16a.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/119784?format=api", "purl": "pkg:deb/debian/nvi@1.81.6-16?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nvi@1.81.6-16%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/119782?format=api", "purl": "pkg:deb/debian/nvi@1.81.6-17?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nvi@1.81.6-17%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/119787?format=api", "purl": "pkg:deb/debian/nvi@1.81.6-23?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nvi@1.81.6-23%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/119785?format=api", "purl": "pkg:deb/debian/nvi@1.81.6-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nvi@1.81.6-24%3Fdistro=trixie" } ], "aliases": [ "CVE-2001-1562" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ux5j-ch6z-kyf7" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nvi@1.81.6-23%3Fdistro=trixie" }