Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/398912?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/398912?format=api", "purl": "pkg:npm/appium-chromedriver@2.0.4", "type": "npm", "namespace": "", "name": "appium-chromedriver", "version": "2.0.4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.9.4", "latest_non_vulnerable_version": "2.9.4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48174?format=api", "vulnerability_id": "VCID-pn76-3sa1-2kcr", "summary": "appium-chromedriver downloads Resources over HTTP\nAffected versions of `appium-chromedriver` insecurely download resources over HTTP. \n\nIn scenarios where an attacker has a privileged network position, they can modify or read items send over HTTP at will. In this case, that includes the chromedriver binary, which may result in remote code execution if overwritten with a malicious binary.\n\n\n## Recommendation\n\nUpdate to version 2.9.4 or later.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10557", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73752", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10557" }, { "reference_url": "https://github.com/advisories/GHSA-hc94-2wfr-4pwf", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hc94-2wfr-4pwf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10557", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10557" }, { "reference_url": "https://www.npmjs.com/advisories/162", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/162" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83148?format=api", "purl": "pkg:npm/appium-chromedriver@2.9.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/appium-chromedriver@2.9.4" } ], "aliases": [ "CVE-2016-10557", "GHSA-hc94-2wfr-4pwf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pn76-3sa1-2kcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/115833?format=api", "vulnerability_id": "VCID-q2d3-n4zd-f7br", "summary": "Downloads Resources over HTTP\nThe library downloads binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.", "references": [ { "reference_url": "https://github.com/appium/appium-chromedriver/commit/c7e384afcddf009636b8e5bb23b1f06150eda293", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/appium/appium-chromedriver/commit/c7e384afcddf009636b8e5bb23b1f06150eda293" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83148?format=api", "purl": "pkg:npm/appium-chromedriver@2.9.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/appium-chromedriver@2.9.4" } ], "aliases": [ "GMS-2016-87" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q2d3-n4zd-f7br" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/appium-chromedriver@2.0.4" }