Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/372225?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/372225?format=api", "purl": "pkg:alpm/archlinux/gitlab@13.7.1-1", "type": "alpm", "namespace": "archlinux", "name": "gitlab", "version": "13.7.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "13.7.2-1", "latest_non_vulnerable_version": "15.2.1-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240442?format=api", "vulnerability_id": "VCID-5wbt-x41a-e7bs", "summary": "An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35158", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35449", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35648", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35673", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35554", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35599", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35623", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35633", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35588", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35566", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35605", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35594", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35546", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35307", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35286", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35207", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35088", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22166" }, { "reference_url": "https://security.archlinux.org/ASA-202101-10", "reference_id": "ASA-202101-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-10" }, { "reference_url": "https://security.archlinux.org/AVG-1416", "reference_id": "AVG-1416", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1416" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372226?format=api", "purl": "pkg:alpm/archlinux/gitlab@13.7.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.7.2-1" } ], "aliases": [ "CVE-2021-22166" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5wbt-x41a-e7bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240446?format=api", "vulnerability_id": "VCID-7fnb-yfbq-bfeh", "summary": "A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.37956", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.3828", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38418", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38442", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38306", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38356", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38364", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38381", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38343", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38318", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38366", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38346", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38281", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38122", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38098", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38005", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.37889", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22168" }, { "reference_url": "https://security.archlinux.org/ASA-202101-10", "reference_id": "ASA-202101-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-10" }, { "reference_url": "https://security.archlinux.org/AVG-1416", "reference_id": "AVG-1416", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1416" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372226?format=api", "purl": "pkg:alpm/archlinux/gitlab@13.7.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.7.2-1" } ], "aliases": [ "CVE-2021-22168" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7fnb-yfbq-bfeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240444?format=api", "vulnerability_id": "VCID-b1et-bsq2-cyfn", "summary": "An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.47983", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.47985", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48023", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48044", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.47994", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48047", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.4804", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48065", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48041", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48053", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48105", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.481", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48056", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48037", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48049", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.47997", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.47916", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22167" }, { "reference_url": "https://security.archlinux.org/ASA-202101-10", "reference_id": "ASA-202101-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-10" }, { "reference_url": "https://security.archlinux.org/AVG-1416", "reference_id": "AVG-1416", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1416" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372226?format=api", "purl": "pkg:alpm/archlinux/gitlab@13.7.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.7.2-1" } ], "aliases": [ "CVE-2021-22167" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b1et-bsq2-cyfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/224026?format=api", "vulnerability_id": "VCID-hrbv-6bwd-a3hz", "summary": "An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26414", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50254", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50263", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50303", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50332", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.5028", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50333", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50326", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50355", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.5033", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50319", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50364", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50367", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50343", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50316", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50278", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.502", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26414" }, { "reference_url": "https://security.archlinux.org/ASA-202101-10", "reference_id": "ASA-202101-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-10" }, { "reference_url": "https://security.archlinux.org/AVG-1416", "reference_id": "AVG-1416", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1416" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372226?format=api", "purl": "pkg:alpm/archlinux/gitlab@13.7.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.7.2-1" } ], "aliases": [ "CVE-2020-26414" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hrbv-6bwd-a3hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/240451?format=api", "vulnerability_id": "VCID-myew-c4zd-u3cw", "summary": "Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22171", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31532", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32127", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32167", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.3199", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32041", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.3207", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32074", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32035", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32003", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32036", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32014", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31987", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31821", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31694", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31612", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31459", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22171" }, { "reference_url": "https://security.archlinux.org/ASA-202101-10", "reference_id": "ASA-202101-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-10" }, { "reference_url": "https://security.archlinux.org/AVG-1416", "reference_id": "AVG-1416", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1416" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372226?format=api", "purl": "pkg:alpm/archlinux/gitlab@13.7.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.7.2-1" } ], "aliases": [ "CVE-2021-22171" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-myew-c4zd-u3cw" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@13.7.1-1" }