VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/364116?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/364116?format=api",
    "purl": "pkg:apk/alpine/clamav@0.100.3-r0?arch=armv7&distroversion=v3.14&reponame=community",
    "type": "apk",
    "namespace": "alpine",
    "name": "clamav",
    "version": "0.100.3-r0",
    "qualifiers": {
        "arch": "armv7",
        "distroversion": "v3.14",
        "reponame": "community"
    },
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "0.101.4-r0",
    "latest_non_vulnerable_version": "0.103.2-r0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65150?format=api",
            "vulnerability_id": "VCID-wb32-u9sm-q7h3",
            "summary": "A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1787",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.05975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90829",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.05975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90843",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.05975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.9084",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.05975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90838",
                            "published_at": "2026-06-08T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1787"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1787",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1787"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12181",
                    "reference_id": "detail?id=12181",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:55Z/"
                        }
                    ],
                    "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12181"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201904-12",
                    "reference_id": "GLSA-201904-12",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:55Z/"
                        }
                    ],
                    "url": "https://security.gentoo.org/glsa/201904-12"
                },
                {
                    "reference_url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00019.html",
                    "reference_id": "msg00019.html",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:55Z/"
                        }
                    ],
                    "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00019.html"
                },
                {
                    "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00062.html",
                    "reference_id": "msg00062.html",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:55Z/"
                        }
                    ],
                    "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00062.html"
                },
                {
                    "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00064.html",
                    "reference_id": "msg00064.html",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:55Z/"
                        }
                    ],
                    "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00064.html"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/3940-1/",
                    "reference_id": "USN-3940-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/3940-1/"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/3940-2/",
                    "reference_id": "USN-3940-2",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/3940-2/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/364116?format=api",
                    "purl": "pkg:apk/alpine/clamav@0.100.3-r0?arch=armv7&distroversion=v3.14&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/clamav@0.100.3-r0%3Farch=armv7&distroversion=v3.14&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2019-1787"
            ],
            "risk_score": 3.4,
            "exploitability": "0.5",
            "weighted_severity": "6.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wb32-u9sm-q7h3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65151?format=api",
            "vulnerability_id": "VCID-xr7h-hhup-bbg9",
            "summary": "A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1788",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.12731",
                            "scoring_system": "epss",
                            "scoring_elements": "0.94138",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.12731",
                            "scoring_system": "epss",
                            "scoring_elements": "0.94137",
                            "published_at": "2026-06-08T12:55:00Z"
                        },
                        {
                            "value": "0.12731",
                            "scoring_system": "epss",
                            "scoring_elements": "0.94136",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.12731",
                            "scoring_system": "epss",
                            "scoring_elements": "0.94129",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1788"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1788",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1788"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12166",
                    "reference_id": "detail?id=12166",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:54Z/"
                        }
                    ],
                    "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12166"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201904-12",
                    "reference_id": "GLSA-201904-12",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:54Z/"
                        }
                    ],
                    "url": "https://security.gentoo.org/glsa/201904-12"
                },
                {
                    "reference_url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00019.html",
                    "reference_id": "msg00019.html",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:54Z/"
                        }
                    ],
                    "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00019.html"
                },
                {
                    "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00062.html",
                    "reference_id": "msg00062.html",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:54Z/"
                        }
                    ],
                    "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00062.html"
                },
                {
                    "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00064.html",
                    "reference_id": "msg00064.html",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:54Z/"
                        }
                    ],
                    "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00064.html"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/3940-1/",
                    "reference_id": "USN-3940-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/3940-1/"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/3940-2/",
                    "reference_id": "USN-3940-2",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/3940-2/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/364116?format=api",
                    "purl": "pkg:apk/alpine/clamav@0.100.3-r0?arch=armv7&distroversion=v3.14&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/clamav@0.100.3-r0%3Farch=armv7&distroversion=v3.14&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2019-1788"
            ],
            "risk_score": 3.4,
            "exploitability": "0.5",
            "weighted_severity": "6.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xr7h-hhup-bbg9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65152?format=api",
            "vulnerability_id": "VCID-xtcu-h69q-1ufq",
            "summary": "ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1789",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00593",
                            "scoring_system": "epss",
                            "scoring_elements": "0.69655",
                            "published_at": "2026-06-08T12:55:00Z"
                        },
                        {
                            "value": "0.00593",
                            "scoring_system": "epss",
                            "scoring_elements": "0.69676",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00593",
                            "scoring_system": "epss",
                            "scoring_elements": "0.69666",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00593",
                            "scoring_system": "epss",
                            "scoring_elements": "0.69628",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.00593",
                            "scoring_system": "epss",
                            "scoring_elements": "0.69668",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1789"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1789",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1789"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html",
                    "reference_id": "clamav-01012-and-01003-patches-have.html",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:22:31Z/"
                        }
                    ],
                    "url": "https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201904-12",
                    "reference_id": "GLSA-201904-12",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201904-12"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/3940-1/",
                    "reference_id": "USN-3940-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/3940-1/"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/3940-2/",
                    "reference_id": "USN-3940-2",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/3940-2/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/364116?format=api",
                    "purl": "pkg:apk/alpine/clamav@0.100.3-r0?arch=armv7&distroversion=v3.14&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/clamav@0.100.3-r0%3Farch=armv7&distroversion=v3.14&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2019-1789"
            ],
            "risk_score": 1.9,
            "exploitability": "0.5",
            "weighted_severity": "3.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xtcu-h69q-1ufq"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/clamav@0.100.3-r0%3Farch=armv7&distroversion=v3.14&reponame=community"
}

Package Instance