GET

Package Instance

Lookup for vulnerable packages by Package URL.

GET /api/packages/236376?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/236376?format=api",
    "purl": "pkg:npm/clean-css@2.2.19",
    "type": "npm",
    "namespace": "",
    "name": "clean-css",
    "version": "2.2.19",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "4.1.11",
    "latest_non_vulnerable_version": "4.1.11",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41045?format=api",
            "vulnerability_id": "VCID-zb9q-mw8d-37dj",
            "summary": "Regular Expression Denial of Service in clean-css\nVersion of `clean-css` prior to 4.1.11 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.\n\n\n## Recommendation\n\nUpgrade to version 4.1.11 or higher.",
            "references": [
                {
                    "reference_url": "https://github.com/jakubpawlowicz/clean-css/commit/2929bafbf8cdf7dccb24e0949c70833764fa87e3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jakubpawlowicz/clean-css/commit/2929bafbf8cdf7dccb24e0949c70833764fa87e3"
                },
                {
                    "reference_url": "https://www.npmjs.com/advisories/785",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.npmjs.com/advisories/785"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-wxhq-pm8v-cw75",
                    "reference_id": "GHSA-wxhq-pm8v-cw75",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-wxhq-pm8v-cw75"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/58157?format=api",
                    "purl": "pkg:npm/clean-css@4.1.11",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/clean-css@4.1.11"
                }
            ],
            "aliases": [
                "GHSA-wxhq-pm8v-cw75",
                "GMS-2019-15",
                "GMS-2019-71",
                "GMS-2019-72",
                "GMS-2019-74",
                "GMS-2019-75",
                "GMS-2019-76",
                "GMS-2019-77",
                "GMS-2019-78"
            ],
            "risk_score": 1.4,
            "exploitability": "0.5",
            "weighted_severity": "2.7",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zb9q-mw8d-37dj"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": "1.4",
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/clean-css@2.2.19"
}