Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/432421?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/432421?format=api", "purl": "pkg:apk/alpine/riot-web@1.8.4-r0?arch=x86&distroversion=v3.17&reponame=community", "type": "apk", "namespace": "alpine", "name": "riot-web", "version": "1.8.4-r0", "qualifiers": { "arch": "x86", "distroversion": "v3.17", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.9.7-r0", "latest_non_vulnerable_version": "1.11.30-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11225?format=api", "vulnerability_id": "VCID-mwm6-1d7e-mfev", "summary": "Use of a Broken or Risky Cryptographic Algorithm\nA logic error in the room key sharing functionality of Element Android exists. This error allows the attacker to decrypt end-to-end encrypted messages sent by affected clients.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40824", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46955", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47026", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47007", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47063", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47059", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47008", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46994", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46949", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46985", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47003", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46951", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47005", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47002", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40824" }, { "reference_url": "https://github.com/matrix-org/matrix-android-sdk2/releases/tag/v1.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/matrix-org/matrix-android-sdk2/releases/tag/v1.2.2" }, { "reference_url": "https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40824", "reference_id": "CVE-2021-40824", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40824" }, { "reference_url": "https://github.com/advisories/GHSA-jjmc-4p83-pp26", "reference_id": "GHSA-jjmc-4p83-pp26", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjmc-4p83-pp26" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/432421?format=api", "purl": "pkg:apk/alpine/riot-web@1.8.4-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/riot-web@1.8.4-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2021-40824", "GHSA-jjmc-4p83-pp26" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mwm6-1d7e-mfev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11226?format=api", "vulnerability_id": "VCID-xewe-wx57-3yfd", "summary": "Use of a Broken or Risky Cryptographic Algorithm\nThere is a logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK). This allows the homeserver to decrypt end-to-end encrypted messages sent by affected clients.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40823", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49476", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49468", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49503", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49512", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49541", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49543", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49496", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49455", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49502", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49494", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49522", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49505", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.4951", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49447", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40823" }, { "reference_url": "https://github.com/matrix-org/matrix-js-sdk", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/matrix-org/matrix-js-sdk" }, { "reference_url": "https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9" }, { "reference_url": "https://github.com/matrix-org/matrix-js-sdk/releases/tag/v12.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/matrix-org/matrix-js-sdk/releases/tag/v12.4.1" }, { "reference_url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-23cm-x6j7-6hq3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-23cm-x6j7-6hq3" }, { "reference_url": "https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994213", "reference_id": "994213", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994213" }, { "reference_url": "https://security.archlinux.org/ASA-202109-4", "reference_id": "ASA-202109-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202109-4" }, { "reference_url": "https://security.archlinux.org/ASA-202109-5", "reference_id": "ASA-202109-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202109-5" }, { "reference_url": "https://security.archlinux.org/AVG-2377", "reference_id": "AVG-2377", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2377" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40823", "reference_id": "CVE-2021-40823", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40823" }, { "reference_url": "https://github.com/advisories/GHSA-23cm-x6j7-6hq3", "reference_id": "GHSA-23cm-x6j7-6hq3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-23cm-x6j7-6hq3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/432421?format=api", "purl": "pkg:apk/alpine/riot-web@1.8.4-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/riot-web@1.8.4-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2021-40823", "GHSA-23cm-x6j7-6hq3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xewe-wx57-3yfd" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/riot-web@1.8.4-r0%3Farch=x86&distroversion=v3.17&reponame=community" }