Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/441514?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/441514?format=api", "purl": "pkg:apk/alpine/zoneminder@1.30.2-r3?arch=x86&distroversion=v3.8&reponame=community", "type": "apk", "namespace": "alpine", "name": "zoneminder", "version": "1.30.2-r3", "qualifiers": { "arch": "x86", "distroversion": "v3.8", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/107243?format=api", "vulnerability_id": "VCID-4eh3-5dn2-z3dg", "summary": "ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5368", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45791", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45859", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45863", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45842", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45816", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.4583", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5368" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733", "reference_id": "854733", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/441514?format=api", "purl": "pkg:apk/alpine/zoneminder@1.30.2-r3?arch=x86&distroversion=v3.8&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.30.2-r3%3Farch=x86&distroversion=v3.8&reponame=community" } ], "aliases": [ "CVE-2017-5368" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4eh3-5dn2-z3dg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/107242?format=api", "vulnerability_id": "VCID-fsvx-yzq2-bqb2", "summary": "Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5367", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57208", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.5726", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57267", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57255", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57242", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57259", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5367" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733", "reference_id": "854733", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/441514?format=api", "purl": "pkg:apk/alpine/zoneminder@1.30.2-r3?arch=x86&distroversion=v3.8&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.30.2-r3%3Farch=x86&distroversion=v3.8&reponame=community" } ], "aliases": [ "CVE-2017-5367" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fsvx-yzq2-bqb2" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.30.2-r3%3Farch=x86&distroversion=v3.8&reponame=community" }