Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/147839?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/147839?format=api", "purl": "pkg:golang/github.com/gravitl/netmaker@0.9.4", "type": "golang", "namespace": "github.com/gravitl", "name": "netmaker", "version": "0.9.4", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.15.1", "latest_non_vulnerable_version": "1.5.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109870?format=api", "vulnerability_id": "VCID-dp6g-tmee-2qfn", "summary": "Use of Hard-coded Cryptographic Key in Netmaker\nNetmaker prior to versions 0.8.5, 0.9.4, 0.10.0, and 0.10.1 uses a hard-coded cryptographic key.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52351", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52342", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52321", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52304", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52371", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52364", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0664" }, { "reference_url": "https://github.com/gravitl/netmaker", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/gravitl/netmaker" }, { "reference_url": "https://github.com/gravitl/netmaker/commit/9bee12642986cb9534e268447b70e6f0f03c59cf", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/gravitl/netmaker/commit/9bee12642986cb9534e268447b70e6f0f03c59cf" }, { "reference_url": "https://huntr.dev/bounties/29898a42-fd4f-4b5b-a8e3-ab573cb87eac", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/29898a42-fd4f-4b5b-a8e3-ab573cb87eac" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0664", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0664" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/147838?format=api", "purl": "pkg:golang/github.com/gravitl/netmaker@0.8.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/gravitl/netmaker@0.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/147839?format=api", "purl": "pkg:golang/github.com/gravitl/netmaker@0.9.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/gravitl/netmaker@0.9.4" } ], "aliases": [ "CVE-2022-0664", "GHSA-6rrw-4fm9-rghv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dp6g-tmee-2qfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109846?format=api", "vulnerability_id": "VCID-ueu6-j5s4-bqdr", "summary": "Use of Hard-coded Cryptographic Key in Netmaker\n### Impact\nThere is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server, if you know the address and username of the admin. This effects the server (netmaker) component, and not clients.\n\n### Patches\nThis has been patched in Netmaker v0.8.5, v0.9.4, and v0.10.0. If you are running these versions, the fix is to perform the following:\n\n1. docker-compose down\n2. docker pull gravitl/netmaker:( version )\n3. docker-compose up -d\n\n#### Additional Information\nIf you are running **any other version**, you will need to upgrade to one of these three versions. If you have a special circumstance that requires running a different version, let us know and we may be able to build a custom patch.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [info@gravitl.com](mailto:info@gravitl.com)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23650", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74473", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74509", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74482", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.745", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74511", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74505", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23650" }, { "reference_url": "https://github.com/gravitl/netmaker", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/gravitl/netmaker" }, { "reference_url": "https://github.com/gravitl/netmaker/commit/3d4f44ecfe8be4ca38920556ba3b90502ffb4fee", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:56Z/" } ], "url": "https://github.com/gravitl/netmaker/commit/3d4f44ecfe8be4ca38920556ba3b90502ffb4fee" }, { "reference_url": "https://github.com/gravitl/netmaker/commit/e9bce264719f88c30e252ecc754d08f422f4c080", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:56Z/" } ], "url": "https://github.com/gravitl/netmaker/commit/e9bce264719f88c30e252ecc754d08f422f4c080" }, { "reference_url": "https://github.com/gravitl/netmaker/pull/781/commits/1bec97c662670dfdab804343fc42ae4b1d050a87", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:56Z/" } ], "url": "https://github.com/gravitl/netmaker/pull/781/commits/1bec97c662670dfdab804343fc42ae4b1d050a87" }, { "reference_url": "https://github.com/gravitl/netmaker/security/advisories/GHSA-86f3-hf24-76q4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:56Z/" } ], "url": "https://github.com/gravitl/netmaker/security/advisories/GHSA-86f3-hf24-76q4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23650", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23650" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/147838?format=api", "purl": "pkg:golang/github.com/gravitl/netmaker@0.8.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/gravitl/netmaker@0.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/147839?format=api", "purl": "pkg:golang/github.com/gravitl/netmaker@0.9.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/gravitl/netmaker@0.9.4" } ], "aliases": [ "CVE-2022-23650", "GHSA-86f3-hf24-76q4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ueu6-j5s4-bqdr" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/gravitl/netmaker@0.9.4" }