Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/16765?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/16765?format=api", "purl": "pkg:npm/parse@2.10.0", "type": "npm", "namespace": "", "name": "parse", "version": "2.10.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "7.0.0-alpha.1", "latest_non_vulnerable_version": "7.0.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102558?format=api", "vulnerability_id": "VCID-awer-uuxm-vkge", "summary": "Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations (internal), and encode/decode (internal) are affected. This vulnerability is fixed in 7.0.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62374", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.3861", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62374" }, { "reference_url": "https://github.com/parse-community/Parse-SDK-JS", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/parse-community/Parse-SDK-JS" }, { "reference_url": "https://github.com/parse-community/Parse-SDK-JS/commit/00973987f361368659c0c4dbf669f3897520b132", "reference_id": "00973987f361368659c0c4dbf669f3897520b132", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-14T20:28:45Z/" } ], "url": "https://github.com/parse-community/Parse-SDK-JS/commit/00973987f361368659c0c4dbf669f3897520b132" }, { "reference_url": "https://github.com/parse-community/Parse-SDK-JS/pull/2749", "reference_id": "2749", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-14T20:28:45Z/" } ], "url": "https://github.com/parse-community/Parse-SDK-JS/pull/2749" }, { "reference_url": "https://github.com/parse-community/Parse-SDK-JS/releases/tag/7.0.0-alpha.1", "reference_id": "7.0.0-alpha.1", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-14T20:28:45Z/" } ], "url": "https://github.com/parse-community/Parse-SDK-JS/releases/tag/7.0.0-alpha.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62374", "reference_id": "CVE-2025-62374", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62374" }, { "reference_url": "https://github.com/advisories/GHSA-9f2h-7v79-mxw3", "reference_id": "GHSA-9f2h-7v79-mxw3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9f2h-7v79-mxw3" }, { "reference_url": "https://github.com/parse-community/Parse-SDK-JS/security/advisories/GHSA-9f2h-7v79-mxw3", "reference_id": "GHSA-9f2h-7v79-mxw3", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-14T20:28:45Z/" } ], "url": "https://github.com/parse-community/Parse-SDK-JS/security/advisories/GHSA-9f2h-7v79-mxw3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34332?format=api", "purl": "pkg:npm/parse@7.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/parse@7.0.0" } ], "aliases": [ "CVE-2025-62374", "GHSA-9f2h-7v79-mxw3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-awer-uuxm-vkge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/120983?format=api", "vulnerability_id": "VCID-r11s-dzcn-qudf", "summary": "parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57324", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39439", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57324" }, { "reference_url": "https://github.com/parse-community/Parse-SDK-JS", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/parse-community/Parse-SDK-JS" }, { "reference_url": "https://github.com/parse-community/Parse-SDK-JS/commit/9e7c1bad472b1ed2463cbac567b8ec752ae5b4c9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/parse-community/Parse-SDK-JS/commit/9e7c1bad472b1ed2463cbac567b8ec752ae5b4c9" }, { "reference_url": "https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57324", "reference_id": "CVE-2025-57324", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T14:28:21Z/" } ], "url": "https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57324" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57324", "reference_id": "CVE-2025-57324", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57324" }, { "reference_url": "https://github.com/advisories/GHSA-9g8m-v378-pcg3", "reference_id": "GHSA-9g8m-v378-pcg3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9g8m-v378-pcg3" }, { "reference_url": "https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/parse%405.3.0/index.js", "reference_id": "index.js", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T14:28:21Z/" } ], "url": "https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/parse%405.3.0/index.js" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33957?format=api", "purl": "pkg:npm/parse@7.0.0-alpha.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/parse@7.0.0-alpha.1" } ], "aliases": [ "CVE-2025-57324", "GHSA-9g8m-v378-pcg3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r11s-dzcn-qudf" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/205053?format=api", "vulnerability_id": "VCID-29sq-fnkh-wuct", "summary": "Storing Password in Local Storage", "references": [ { "reference_url": "https://github.com/parse-community/Parse-SDK-JS", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/parse-community/Parse-SDK-JS" }, { "reference_url": "https://github.com/parse-community/Parse-SDK-JS/commit/d1106174571b699f972929dd7cbb8e45b5283cbb", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/parse-community/Parse-SDK-JS/commit/d1106174571b699f972929dd7cbb8e45b5283cbb" }, { "reference_url": "https://github.com/advisories/GHSA-wvh7-5p38-2qfc", "reference_id": "GHSA-wvh7-5p38-2qfc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wvh7-5p38-2qfc" }, { "reference_url": "https://github.com/parse-community/Parse-SDK-JS/security/advisories/GHSA-wvh7-5p38-2qfc", "reference_id": "GHSA-wvh7-5p38-2qfc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/parse-community/Parse-SDK-JS/security/advisories/GHSA-wvh7-5p38-2qfc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16765?format=api", "purl": "pkg:npm/parse@2.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-awer-uuxm-vkge" }, { "vulnerability": "VCID-r11s-dzcn-qudf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/parse@2.10.0" } ], "aliases": [ "GHSA-wvh7-5p38-2qfc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-29sq-fnkh-wuct" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/parse@2.10.0" }