Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/152207?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/152207?format=api", "purl": "pkg:npm/semver@1.0.2", "type": "npm", "namespace": "", "name": "semver", "version": "1.0.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.7.2", "latest_non_vulnerable_version": "7.5.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7098?format=api", "vulnerability_id": "VCID-m6ct-n9hk-h3g4", "summary": "Regular Expression Denial of Service\nsemver is vulnerable to regular expression denial of service when extremely long version strings are parsed.", "references": [ { "reference_url": "https://github.com/npm/node-semver/commit/c80180d8341a8ada0236815c29a2be59864afd70", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/npm/node-semver/commit/c80180d8341a8ada0236815c29a2be59864afd70" }, { "reference_url": "https://github.com/npm/npm/releases/tag/v2.7.5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/npm/npm/releases/tag/v2.7.5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21087?format=api", "purl": "pkg:npm/semver@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nahx-etfu-qqfq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/semver@4.3.2" } ], "aliases": [ "GMS-2015-9" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m6ct-n9hk-h3g4" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/semver@1.0.2" }