Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/172696?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/172696?format=api", "purl": "pkg:gem/spree_api@2.3.1", "type": "gem", "namespace": "", "name": "spree_api", "version": "2.3.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.10.3", "latest_non_vulnerable_version": "5.3.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49615?format=api", "vulnerability_id": "VCID-cwev-75xu-dfbb", "summary": "Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification\nAn Authenticated Insecure Direct Object Reference (IDOR) vulnerability was identified that allows an authenticated user to retrieve other users’ address information by modifying an existing order.\nBy editing an order they legitimately own and manipulating address identifiers in the request, the backend server accepts and processes references to addresses belonging to other users, subsequently associating those addresses with the attacker’s order and returning them in the response.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22588", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01103", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04256", "published_at": "2026-06-05T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01011", "published_at": "2026-06-09T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01015", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22588" }, { "reference_url": "https://github.com/spree/spree", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spree/spree" }, { "reference_url": "https://github.com/spree/spree/commit/02acabdce2c5f14fd687335b068d901a957a7e72", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T21:08:29Z/" } ], "url": "https://github.com/spree/spree/commit/02acabdce2c5f14fd687335b068d901a957a7e72" }, { "reference_url": "https://github.com/spree/spree/commit/17e78a91b736b49dbea8d1bb1223c284383ee5f3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T21:08:29Z/" } ], "url": "https://github.com/spree/spree/commit/17e78a91b736b49dbea8d1bb1223c284383ee5f3" }, { "reference_url": "https://github.com/spree/spree/commit/b409c0fd327e7ce37f63238894670d07079eefe8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T21:08:29Z/" } ], "url": "https://github.com/spree/spree/commit/b409c0fd327e7ce37f63238894670d07079eefe8" }, { "reference_url": "https://github.com/spree/spree/commit/d3f961c442e0015661535cbd6eb22475f76d2dc7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T21:08:29Z/" } ], "url": "https://github.com/spree/spree/commit/d3f961c442e0015661535cbd6eb22475f76d2dc7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22588", "reference_id": "CVE-2026-22588", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22588" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/spree_api/CVE-2026-22588.yml", "reference_id": "CVE-2026-22588.YML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/spree_api/CVE-2026-22588.yml" }, { "reference_url": "https://github.com/advisories/GHSA-g268-72p7-9j6j", "reference_id": "GHSA-g268-72p7-9j6j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g268-72p7-9j6j" }, { "reference_url": "https://github.com/spree/spree/security/advisories/GHSA-g268-72p7-9j6j", "reference_id": "GHSA-g268-72p7-9j6j", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T21:08:29Z/" } ], "url": "https://github.com/spree/spree/security/advisories/GHSA-g268-72p7-9j6j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73243?format=api", "purl": "pkg:gem/spree_api@4.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qmcc-5swe-gkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@4.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/172922?format=api", "purl": "pkg:gem/spree_api@5.0.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cwev-75xu-dfbb" }, { "vulnerability": "VCID-qmcc-5swe-gkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.0.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73244?format=api", "purl": "pkg:gem/spree_api@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qmcc-5swe-gkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/172930?format=api", "purl": "pkg:gem/spree_api@5.1.0.beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cwev-75xu-dfbb" }, { "vulnerability": "VCID-qmcc-5swe-gkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.1.0.beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/73245?format=api", "purl": "pkg:gem/spree_api@5.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qmcc-5swe-gkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/172945?format=api", "purl": "pkg:gem/spree_api@5.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cwev-75xu-dfbb" }, { "vulnerability": "VCID-qmcc-5swe-gkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73246?format=api", "purl": "pkg:gem/spree_api@5.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qmcc-5swe-gkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.2.5" } ], "aliases": [ "CVE-2026-22588", "GHSA-g268-72p7-9j6j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cwev-75xu-dfbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50017?format=api", "vulnerability_id": "VCID-qmcc-5swe-gkgf", "summary": "Unauthenticated Spree Commerce users can access all guest addresses\nA critical IDOR vulnerability exists in Spree Commerce's guest checkout flow that allows any guest user to bind arbitrary guest addresses to their order by manipulating address ID parameters. This enables unauthorized access to other guests' personally identifiable information (PII) including names, addresses and phone numbers. The vulnerability bypasses existing ownership validation checks and affects all guest checkout transactions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25758", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10371", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1035", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1039", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.114", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11388", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25758" }, { "reference_url": "https://github.com/spree/spree", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spree/spree" }, { "reference_url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/core/app/models/spree/order/address_book.rb#L16-L38", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/core/app/models/spree/order/address_book.rb#L16-L38" }, { "reference_url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/core/app/models/spree/order/checkout.rb#L241-L254", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/core/app/models/spree/order/checkout.rb#L241-L254" }, { "reference_url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/core/app/services/spree/checkout/update.rb#L33-L48", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/core/app/services/spree/checkout/update.rb#L33-L48" }, { "reference_url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/core/lib/spree/permitted_attributes.rb#L92-L96", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/core/lib/spree/permitted_attributes.rb#L92-L96" }, { "reference_url": "https://github.com/spree/spree/commit/15619618e43b367617ec8d2d4aafc5e54fa7b734", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/commit/15619618e43b367617ec8d2d4aafc5e54fa7b734" }, { "reference_url": "https://github.com/spree/spree/commit/29282d1565ba4f7bc2bbc47d550e2c0c6d0ae59f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/commit/29282d1565ba4f7bc2bbc47d550e2c0c6d0ae59f" }, { "reference_url": "https://github.com/spree/spree/commit/6650f96356faa0d16c05bcb516f1ffd5641741b8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/commit/6650f96356faa0d16c05bcb516f1ffd5641741b8" }, { "reference_url": "https://github.com/spree/spree/commit/902d301ac83fd2047db1b9a3a99545162860f748", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/commit/902d301ac83fd2047db1b9a3a99545162860f748" }, { "reference_url": "https://github.com/spree/spree/commit/ff7cfcfcfe0c40c60d03317e1d0ee361c6a6b054", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/commit/ff7cfcfcfe0c40c60d03317e1d0ee361c6a6b054" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25758", "reference_id": "CVE-2026-25758", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25758" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/spree_api/CVE-2026-25758.yml", "reference_id": "CVE-2026-25758.YML", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/spree_api/CVE-2026-25758.yml" }, { "reference_url": "https://github.com/advisories/GHSA-87fh-rc96-6fr6", "reference_id": "GHSA-87fh-rc96-6fr6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-87fh-rc96-6fr6" }, { "reference_url": "https://github.com/spree/spree/security/advisories/GHSA-87fh-rc96-6fr6", "reference_id": "GHSA-87fh-rc96-6fr6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/security/advisories/GHSA-87fh-rc96-6fr6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73871?format=api", "purl": "pkg:gem/spree_api@4.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@4.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/172922?format=api", "purl": "pkg:gem/spree_api@5.0.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cwev-75xu-dfbb" }, { "vulnerability": "VCID-qmcc-5swe-gkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.0.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73872?format=api", "purl": "pkg:gem/spree_api@5.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/172930?format=api", "purl": "pkg:gem/spree_api@5.1.0.beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cwev-75xu-dfbb" }, { "vulnerability": "VCID-qmcc-5swe-gkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.1.0.beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/73873?format=api", "purl": "pkg:gem/spree_api@5.1.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/172945?format=api", "purl": "pkg:gem/spree_api@5.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cwev-75xu-dfbb" }, { "vulnerability": "VCID-qmcc-5swe-gkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73874?format=api", "purl": "pkg:gem/spree_api@5.2.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/173954?format=api", "purl": "pkg:gem/spree_api@5.3.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qmcc-5swe-gkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.3.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73875?format=api", "purl": "pkg:gem/spree_api@5.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.3.2" } ], "aliases": [ "CVE-2026-25758", "GHSA-87fh-rc96-6fr6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmcc-5swe-gkgf" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@2.3.1" }