Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/40401?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/40401?format=api", "purl": "pkg:deb/debian/file@0?distro=trixie", "type": "deb", "namespace": "debian", "name": "file", "version": "0", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.4.1", "latest_non_vulnerable_version": "1:5.47-4", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/184583?format=api", "vulnerability_id": "VCID-fvst-sj5n-23aj", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of\n which could lead to remote execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4636.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4636.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4636", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55954", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4636" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=977463", "reference_id": "977463", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=977463" }, { "reference_url": "https://security.gentoo.org/glsa/201408-11", "reference_id": "GLSA-201408-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201408-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40401?format=api", "purl": "pkg:deb/debian/file@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/40378?format=api", "purl": "pkg:deb/debian/file@1:5.39-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.39-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/40375?format=api", "purl": "pkg:deb/debian/file@1:5.44-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.44-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/40379?format=api", "purl": "pkg:deb/debian/file@1:5.46-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.46-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/40380?format=api", "purl": "pkg:deb/debian/file@1:5.47-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.47-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4636" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fvst-sj5n-23aj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/212783?format=api", "vulnerability_id": "VCID-k95h-satb-8qha", "summary": "The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a \"Python script text executable\" rule.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4605.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4605.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4605", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09106", "scoring_system": "epss", "scoring_elements": "0.92849", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4605" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213442", "reference_id": "1213442", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213442" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1066", "reference_id": "RHSA-2015:1066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1135", "reference_id": "RHSA-2015:1135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1186", "reference_id": "RHSA-2015:1186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1187", "reference_id": "RHSA-2015:1187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1187" }, { "reference_url": "https://usn.ubuntu.com/2658-1/", "reference_id": "USN-2658-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2658-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40401?format=api", "purl": "pkg:deb/debian/file@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/40378?format=api", "purl": "pkg:deb/debian/file@1:5.39-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.39-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/40375?format=api", "purl": "pkg:deb/debian/file@1:5.44-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.44-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/40379?format=api", "purl": "pkg:deb/debian/file@1:5.46-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.46-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/40380?format=api", "purl": "pkg:deb/debian/file@1:5.47-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.47-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-4605" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k95h-satb-8qha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/212782?format=api", "vulnerability_id": "VCID-xvny-k4ea-47d4", "summary": "The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a \"Python script text executable\" rule.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4604.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4604.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4604", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09106", "scoring_system": "epss", "scoring_elements": "0.92849", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4604" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213442", "reference_id": "1213442", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213442" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1066", "reference_id": "RHSA-2015:1066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1135", "reference_id": "RHSA-2015:1135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1186", "reference_id": "RHSA-2015:1186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1187", "reference_id": "RHSA-2015:1187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1187" }, { "reference_url": "https://usn.ubuntu.com/2658-1/", "reference_id": "USN-2658-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2658-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40401?format=api", "purl": "pkg:deb/debian/file@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/40378?format=api", "purl": "pkg:deb/debian/file@1:5.39-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.39-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/40375?format=api", "purl": "pkg:deb/debian/file@1:5.44-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.44-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/40379?format=api", "purl": "pkg:deb/debian/file@1:5.46-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.46-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/40380?format=api", "purl": "pkg:deb/debian/file@1:5.47-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@1:5.47-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-4604" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xvny-k4ea-47d4" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/file@0%3Fdistro=trixie" }