Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/33458?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/33458?format=api", "purl": "pkg:pypi/guardrails-ai@0.2.9", "type": "pypi", "namespace": "", "name": "guardrails-ai", "version": "0.2.9", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.6.8", "latest_non_vulnerable_version": "0.6.8", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40580?format=api", "vulnerability_id": "VCID-385r-paar-1yef", "summary": "An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code will be passed to an eval function, causing it to execute on the user's machine.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28437", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45858" }, { "reference_url": "https://github.com/guardrails-ai/guardrails", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guardrails-ai/guardrails" }, { "reference_url": "https://github.com/guardrails-ai/guardrails/commit/ab12701e8c3ef41273ff9b3912f2e4e28ae8306f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guardrails-ai/guardrails/commit/ab12701e8c3ef41273ff9b3912f2e4e28ae8306f" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-guardrails", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-guardrails" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-guardrails/", "reference_id": "2024-09-guardrails", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-18T17:41:44Z/" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-guardrails/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45858", "reference_id": "CVE-2024-45858", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45858" }, { "reference_url": "https://github.com/advisories/GHSA-w392-75q8-vr67", "reference_id": "GHSA-w392-75q8-vr67", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w392-75q8-vr67" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33459?format=api", "purl": "pkg:pypi/guardrails-ai@0.5.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-59ed-61g4-4kat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/guardrails-ai@0.5.10" } ], "aliases": [ "CVE-2024-45858", "GHSA-w392-75q8-vr67" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-385r-paar-1yef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/359143?format=api", "vulnerability_id": "VCID-59ed-61g4-4kat", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-31233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59753", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-31233" }, { "reference_url": "https://github.com/guardrails-ai/guardrails", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guardrails-ai/guardrails" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31233", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31233" }, { "reference_url": "https://www.notion.so/CVE-2026-31233-35d1e13931888142a954fb3f50ee0c94", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.notion.so/CVE-2026-31233-35d1e13931888142a954fb3f50ee0c94" }, { "reference_url": "https://github.com/advisories/GHSA-r6hf-g5x6-7pv9", "reference_id": "GHSA-r6hf-g5x6-7pv9", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r6hf-g5x6-7pv9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1069734?format=api", "purl": "pkg:pypi/guardrails-ai@0.6.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/guardrails-ai@0.6.8" } ], "aliases": [ "CVE-2026-31233", "GHSA-r6hf-g5x6-7pv9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-59ed-61g4-4kat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50666?format=api", "vulnerability_id": "VCID-yc9w-mycv-ckhy", "summary": "RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6961", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.2353", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6961" }, { "reference_url": "https://github.com/guardrails-ai/guardrails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guardrails-ai/guardrails" }, { "reference_url": "https://github.com/guardrails-ai/guardrails/commit/f3d806afee31e2e3f97af682d16c3c1bc0d3c380", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guardrails-ai/guardrails/commit/f3d806afee31e2e3f97af682d16c3c1bc0d3c380" }, { "reference_url": "https://github.com/guardrails-ai/guardrails/pull/922", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guardrails-ai/guardrails/pull/922" }, { "reference_url": "https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6961", "reference_id": "CVE-2024-6961", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6961" }, { "reference_url": "https://github.com/advisories/GHSA-f8hx-f4xw-c646", "reference_id": "GHSA-f8hx-f4xw-c646", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f8hx-f4xw-c646" }, { "reference_url": "https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519/", "reference_id": "guardrails-rail-xxe-jfsa-2024-001035519", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-22T18:24:13Z/" } ], "url": "https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32738?format=api", "purl": "pkg:pypi/guardrails-ai@0.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-385r-paar-1yef" }, { "vulnerability": "VCID-59ed-61g4-4kat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/guardrails-ai@0.5.0" } ], "aliases": [ "CVE-2024-6961", "GHSA-f8hx-f4xw-c646" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yc9w-mycv-ckhy" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/guardrails-ai@0.2.9" }