Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/389467?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/389467?format=api", "purl": "pkg:apk/alpine/bind@9.12.2_p1-r0?arch=x86_64&distroversion=v3.21&reponame=main", "type": "apk", "namespace": "alpine", "name": "bind", "version": "9.12.2_p1-r0", "qualifiers": { "arch": "x86_64", "distroversion": "v3.21", "reponame": "main" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.12.3_p4-r0", "latest_non_vulnerable_version": "9.18.49-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60125?format=api", "vulnerability_id": "VCID-67ph-w3bg-r3d6", "summary": "Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the \"allow-recursion\" setting, it SHOULD default to one of the following: none, if \"recursion no;\" is set in named.conf; a value inherited from the \"allow-query-cache\" or \"allow-query\" settings IF \"recursion yes;\" (the default for that setting) AND match lists are explicitly set for \"allow-query-cache\" or \"allow-query\" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of \"allow-recursion {localhost; localnets;};\" if \"recursion yes;\" is in effect and no values are explicitly set for \"allow-query-cache\" or \"allow-query\". However, because of the regression introduced by change #4777, it is possible when \"recursion yes;\" is in effect and no match list values are provided for \"allow-query-cache\" or \"allow-query\" for the setting of \"allow-recursion\" to inherit a setting of all hosts from the \"allow-query\" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5738.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5738.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5738", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.8746", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.8749", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87479", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87478", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87482", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87481", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5738" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1589616", "reference_id": "1589616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1589616" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901483", "reference_id": "901483", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901483" }, { "reference_url": "https://security.archlinux.org/AVG-718", "reference_id": "AVG-718", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-718" }, { "reference_url": "https://security.gentoo.org/glsa/201903-13", "reference_id": "GLSA-201903-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-13" }, { "reference_url": "https://usn.ubuntu.com/3683-1/", "reference_id": "USN-3683-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3683-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/389467?format=api", "purl": "pkg:apk/alpine/bind@9.12.2_p1-r0?arch=x86_64&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/bind@9.12.2_p1-r0%3Farch=x86_64&distroversion=v3.21&reponame=main" } ], "aliases": [ "CVE-2018-5738" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-67ph-w3bg-r3d6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60129?format=api", "vulnerability_id": "VCID-en2e-vaud-bydc", "summary": "\"deny-answer-aliases\" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5740.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5740.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5740", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.6453", "scoring_system": "epss", "scoring_elements": "0.98471", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.6453", "scoring_system": "epss", "scoring_elements": "0.98474", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.6453", "scoring_system": "epss", "scoring_elements": "0.98475", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.6453", "scoring_system": "epss", "scoring_elements": "0.98472", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5740" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1613595", "reference_id": "1613595", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1613595" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905743", "reference_id": "905743", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905743" }, { "reference_url": "https://security.gentoo.org/glsa/201903-13", "reference_id": "GLSA-201903-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2570", "reference_id": "RHSA-2018:2570", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2570" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2571", "reference_id": "RHSA-2018:2571", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2571" }, { "reference_url": "https://usn.ubuntu.com/3769-1/", "reference_id": "USN-3769-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3769-1/" }, { "reference_url": "https://usn.ubuntu.com/3769-2/", "reference_id": "USN-3769-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3769-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/389467?format=api", "purl": "pkg:apk/alpine/bind@9.12.2_p1-r0?arch=x86_64&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/bind@9.12.2_p1-r0%3Farch=x86_64&distroversion=v3.21&reponame=main" } ], "aliases": [ "CVE-2018-5740" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-en2e-vaud-bydc" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/bind@9.12.2_p1-r0%3Farch=x86_64&distroversion=v3.21&reponame=main" }