VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/448363?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/448363?format=api",
    "purl": "pkg:apk/alpine/asterisk@20.5.1-r0?arch=armv7&distroversion=v3.22&reponame=main",
    "type": "apk",
    "namespace": "alpine",
    "name": "asterisk",
    "version": "20.5.1-r0",
    "qualifiers": {
        "arch": "armv7",
        "distroversion": "v3.22",
        "reponame": "main"
    },
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "20.8.1-r0",
    "latest_non_vulnerable_version": "20.11.1-r0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59151?format=api",
            "vulnerability_id": "VCID-drvj-6p87-rqcn",
            "summary": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37457",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00074",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22423",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00074",
                            "scoring_system": "epss",
                            "scoring_elements": "0.2241",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00074",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22361",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00074",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22308",
                            "published_at": "2026-06-08T12:55:00Z"
                        },
                        {
                            "value": "0.00074",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22323",
                            "published_at": "2026-06-09T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37457"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303",
                    "reference_id": "1059303",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/202412-03",
                    "reference_id": "GLSA-202412-03",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/202412-03"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/448363?format=api",
                    "purl": "pkg:apk/alpine/asterisk@20.5.1-r0?arch=armv7&distroversion=v3.22&reponame=main",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@20.5.1-r0%3Farch=armv7&distroversion=v3.22&reponame=main"
                }
            ],
            "aliases": [
                "CVE-2023-37457"
            ],
            "risk_score": null,
            "exploitability": "0.5",
            "weighted_severity": "0.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-drvj-6p87-rqcn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59160?format=api",
            "vulnerability_id": "VCID-n51b-qqvd-j3h8",
            "summary": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49786",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00077",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22962",
                            "published_at": "2026-06-09T12:55:00Z"
                        },
                        {
                            "value": "0.00077",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23071",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00077",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23058",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00077",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23013",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00077",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22959",
                            "published_at": "2026-06-08T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49786"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033",
                    "reference_id": "1059033",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033"
                },
                {
                    "reference_url": "http://seclists.org/fulldisclosure/2023/Dec/24",
                    "reference_id": "24",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"
                        }
                    ],
                    "url": "http://seclists.org/fulldisclosure/2023/Dec/24"
                },
                {
                    "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/15/7",
                    "reference_id": "7",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"
                        }
                    ],
                    "url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
                },
                {
                    "reference_url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html",
                    "reference_id": "Asterisk-20.1.0-Denial-Of-Service.html",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"
                        }
                    ],
                    "url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
                },
                {
                    "reference_url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
                    "reference_id": "d7d7764cb07c8a1872804321302ef93bf62cba05",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"
                        }
                    ],
                    "url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
                },
                {
                    "reference_url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
                    "reference_id": "ES2023-01-asterisk-dtls-hello-race",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"
                        }
                    ],
                    "url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
                },
                {
                    "reference_url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
                    "reference_id": "GHSA-hxj9-xwr8-w8pq",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"
                        }
                    ],
                    "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/202412-03",
                    "reference_id": "GLSA-202412-03",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/202412-03"
                },
                {
                    "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html",
                    "reference_id": "msg00019.html",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"
                        }
                    ],
                    "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/448363?format=api",
                    "purl": "pkg:apk/alpine/asterisk@20.5.1-r0?arch=armv7&distroversion=v3.22&reponame=main",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@20.5.1-r0%3Farch=armv7&distroversion=v3.22&reponame=main"
                }
            ],
            "aliases": [
                "CVE-2023-49786"
            ],
            "risk_score": 3.4,
            "exploitability": "0.5",
            "weighted_severity": "6.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n51b-qqvd-j3h8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59157?format=api",
            "vulnerability_id": "VCID-ru68-dmrf-bfbx",
            "summary": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49294",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.17085",
                            "scoring_system": "epss",
                            "scoring_elements": "0.9513",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.17085",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95132",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.17085",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95131",
                            "published_at": "2026-06-08T12:55:00Z"
                        },
                        {
                            "value": "0.17085",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95136",
                            "published_at": "2026-06-09T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49294"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059032",
                    "reference_id": "1059032",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059032"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/202412-03",
                    "reference_id": "GLSA-202412-03",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/202412-03"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/448363?format=api",
                    "purl": "pkg:apk/alpine/asterisk@20.5.1-r0?arch=armv7&distroversion=v3.22&reponame=main",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@20.5.1-r0%3Farch=armv7&distroversion=v3.22&reponame=main"
                }
            ],
            "aliases": [
                "CVE-2023-49294"
            ],
            "risk_score": 0.1,
            "exploitability": "0.5",
            "weighted_severity": "0.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ru68-dmrf-bfbx"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@20.5.1-r0%3Farch=armv7&distroversion=v3.22&reponame=main"
}

Package Instance