Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/395351?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/395351?format=api", "purl": "pkg:npm/restafary@1.3.12", "type": "npm", "namespace": "", "name": "restafary", "version": "1.3.12", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.6.1", "latest_non_vulnerable_version": "1.6.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/115475?format=api", "vulnerability_id": "VCID-11nc-uey3-v3db", "summary": "Directory Traversal\nrestafary is able to set up a root path, which should only allow it to run inside of that root path it specified. An attacker is able to provide a specifically crafted path to access files outside of this specified root path.", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83034?format=api", "purl": "pkg:npm/restafary@1.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/restafary@1.6.1" } ], "aliases": [ "GMS-2016-20" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11nc-uey3-v3db" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48008?format=api", "vulnerability_id": "VCID-y7ea-ch7t-1uh2", "summary": "Directory Traversal in restafary\nAffected versions of `restafary` are susceptible to a directory traversal vulnerability when a root path is specified in the configuration.\n\n\nProof of Concept\n\n```\ncurl -i -s -k -X 'GET' -H 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' 'http://localhost:8000/api/v1/fs/..%2f..%2fetc/passwd'\n```\n\n\n## Recommendation\n\nUpdate to version 1.6.1 or later.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60494", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10528" }, { "reference_url": "https://github.com/advisories/GHSA-xg5r-8j97-2wrj", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xg5r-8j97-2wrj" }, { "reference_url": "https://nodesecurity.io/advisories/89", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodesecurity.io/advisories/89" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10528", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10528" }, { "reference_url": "https://www.npmjs.com/advisories/89", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/89" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83034?format=api", "purl": "pkg:npm/restafary@1.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/restafary@1.6.1" } ], "aliases": [ "CVE-2016-10528", "GHSA-xg5r-8j97-2wrj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y7ea-ch7t-1uh2" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/restafary@1.3.12" }