{"url":"http://public2.vulnerablecode.io/api/packages/382311?format=json","purl":"pkg:pypi/sopel-modules.weather@1.2.4","type":"pypi","namespace":"","name":"sopel-modules.weather","version":"1.2.4","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.2.4","latest_non_vulnerable_version":"1.2.4","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361146?format=json","vulnerability_id":"VCID-rcaq-ce65-2bfn","summary":"Potential API key leak\nIf a user is actively blackholing the location or weather APIs, or those APIs become otherwise unavailable, it is possible for the API keys to get leaked to the active IRC channel.\n\nThis is patched in v1.2.4","references":[{"reference_url":"https://github.com/sopel-irc/sopel-weather/security/advisories/GHSA-63rq-p8fp-524q","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sopel-irc/sopel-weather/security/advisories/GHSA-63rq-p8fp-524q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382311?format=json","purl":"pkg:pypi/sopel-modules.weather@1.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/sopel-modules.weather@1.2.4"}],"aliases":["GHSA-63rq-p8fp-524q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rcaq-ce65-2bfn"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/sopel-modules.weather@1.2.4"}