Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/390388?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/390388?format=api", "purl": "pkg:apk/alpine/lrzip@0.640-r0?arch=riscv64&distroversion=v3.21&reponame=community", "type": "apk", "namespace": "alpine", "name": "lrzip", "version": "0.640-r0", "qualifiers": { "arch": "riscv64", "distroversion": "v3.21", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.650-r0", "latest_non_vulnerable_version": "0.650-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92458?format=api", "vulnerability_id": "VCID-5eh5-fgjv-ykah", "summary": "A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker to cause a denial of service (DOS) via a crafted compressed file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25467", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00613", "scoring_system": "epss", "scoring_elements": "0.70226", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00613", "scoring_system": "epss", "scoring_elements": "0.70269", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00613", "scoring_system": "epss", "scoring_elements": "0.70277", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00613", "scoring_system": "epss", "scoring_elements": "0.7026", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00613", "scoring_system": "epss", "scoring_elements": "0.70249", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00613", "scoring_system": "epss", "scoring_elements": "0.70271", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25467" }, { "reference_url": "https://usn.ubuntu.com/5840-1/", "reference_id": "USN-5840-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5840-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/390388?format=api", "purl": "pkg:apk/alpine/lrzip@0.640-r0?arch=riscv64&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/lrzip@0.640-r0%3Farch=riscv64&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2020-25467" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5eh5-fgjv-ykah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92460?format=api", "vulnerability_id": "VCID-6vhm-zkmc-j3h5", "summary": "Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27347", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46185", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46159", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.4617", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54114", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.5417", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54178", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27347" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27347", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27347" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990583", "reference_id": "990583", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990583" }, { "reference_url": "https://usn.ubuntu.com/5840-1/", "reference_id": "USN-5840-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5840-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/390388?format=api", "purl": "pkg:apk/alpine/lrzip@0.640-r0?arch=riscv64&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/lrzip@0.640-r0%3Farch=riscv64&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2021-27347" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6vhm-zkmc-j3h5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92459?format=api", "vulnerability_id": "VCID-73y2-8g2p-a3aw", "summary": "A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27345", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58961", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.59008", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.59013", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.59005", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58989", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27345" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27345" }, { "reference_url": "https://usn.ubuntu.com/5840-1/", "reference_id": "USN-5840-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5840-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/390388?format=api", "purl": "pkg:apk/alpine/lrzip@0.640-r0?arch=riscv64&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/lrzip@0.640-r0%3Farch=riscv64&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2021-27345" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-73y2-8g2p-a3aw" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/lrzip@0.640-r0%3Farch=riscv64&distroversion=v3.21&reponame=community" }