Lookup for vulnerable packages by Package URL.
| Purl | pkg:apk/alpine/go@1.16.2-r0?arch=armhf&distroversion=v3.15&reponame=community |
|---|
| Type | apk |
|---|
| Namespace | alpine |
|---|
| Name | go |
|---|
| Version | 1.16.2-r0 |
|---|
| Qualifiers |
| arch |
armhf |
| distroversion |
v3.15 |
| reponame |
community |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | false |
|---|
| Next_non_vulnerable_version | 1.16.4-r0 |
|---|
| Latest_non_vulnerable_version | 1.17.9-r0 |
|---|
| Affected_by_vulnerabilities |
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-b2dq-4yps-n3cq |
| vulnerability_id |
VCID-b2dq-4yps-n3cq |
| summary |
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27918 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.07267 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.073 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.07304 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.07289 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.07246 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.07258 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27918 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-27918
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b2dq-4yps-n3cq |
|
| 1 |
| url |
VCID-cfuy-9jqp-vbbj |
| vulnerability_id |
VCID-cfuy-9jqp-vbbj |
| summary |
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27919 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00132 |
| scoring_system |
epss |
| scoring_elements |
0.32295 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00132 |
| scoring_system |
epss |
| scoring_elements |
0.32367 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00132 |
| scoring_system |
epss |
| scoring_elements |
0.32336 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00132 |
| scoring_system |
epss |
| scoring_elements |
0.32299 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00132 |
| scoring_system |
epss |
| scoring_elements |
0.32269 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00139 |
| scoring_system |
epss |
| scoring_elements |
0.33693 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27919 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-27919
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cfuy-9jqp-vbbj |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.16.2-r0%3Farch=armhf&distroversion=v3.15&reponame=community |
|---|