Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/38010?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/38010?format=api", "purl": "pkg:deb/debian/dovecot@1:1.0.15-2.3?distro=trixie", "type": "deb", "namespace": "debian", "name": "dovecot", "version": "1:1.0.15-2.3", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1:1.1.7-1", "latest_non_vulnerable_version": "1:2.4.4+dfsg1-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201245?format=api", "vulnerability_id": "VCID-h7cc-hf6j-s7d7", "summary": "Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a \"..\" (dot dot) in a script name.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5301.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5301.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5301", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00569", "scoring_system": "epss", "scoring_elements": "0.69047", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00569", "scoring_system": "epss", "scoring_elements": "0.69139", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5301" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506031", "reference_id": "506031", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506031" }, { "reference_url": "https://usn.ubuntu.com/838-1/", "reference_id": "USN-838-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/838-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38010?format=api", "purl": "pkg:deb/debian/dovecot@1:1.0.15-2.3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dovecot@1:1.0.15-2.3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/37997?format=api", "purl": "pkg:deb/debian/dovecot@1:2.3.13%2Bdfsg1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-522b-zphp-mqhm" }, { "vulnerability": "VCID-ct3x-pzz3-huhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dovecot@1:2.3.13%252Bdfsg1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/37995?format=api", "purl": "pkg:deb/debian/dovecot@1:2.3.19.1%2Bdfsg1-2.1%2Bdeb12u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dovecot@1:2.3.19.1%252Bdfsg1-2.1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/37999?format=api", "purl": "pkg:deb/debian/dovecot@1:2.4.1%2Bdfsg1-6%2Bdeb13u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dovecot@1:2.4.1%252Bdfsg1-6%252Bdeb13u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/37998?format=api", "purl": "pkg:deb/debian/dovecot@1:2.4.4%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dovecot@1:2.4.4%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-5301" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h7cc-hf6j-s7d7" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dovecot@1:1.0.15-2.3%3Fdistro=trixie" }