Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/459975?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/459975?format=api", "purl": "pkg:apk/alpine/radare2@5.6.6-r0?arch=x86_64&distroversion=edge&reponame=community", "type": "apk", "namespace": "alpine", "name": "radare2", "version": "5.6.6-r0", "qualifiers": { "arch": "x86_64", "distroversion": "edge", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "5.6.8-r0", "latest_non_vulnerable_version": "5.8.2-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/264936?format=api", "vulnerability_id": "VCID-aubp-kw7t-abam", "summary": "Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.49968", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.49951", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.49988", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50016", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.49966", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50021", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50014", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50032", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50005", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50001", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50047", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50049", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50009", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0849" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478", "reference_id": "1014478", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/459975?format=api", "purl": "pkg:apk/alpine/radare2@5.6.6-r0?arch=x86_64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/radare2@5.6.6-r0%3Farch=x86_64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2022-0849" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aubp-kw7t-abam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/265092?format=api", "vulnerability_id": "VCID-e1ry-7wyr-z7gt", "summary": "Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1052", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35448", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35647", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35672", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35553", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35599", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35622", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35632", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35587", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35565", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35604", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35593", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35544", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35306", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35284", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35205", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1052" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478", "reference_id": "1014478", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/459975?format=api", "purl": "pkg:apk/alpine/radare2@5.6.6-r0?arch=x86_64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/radare2@5.6.6-r0%3Farch=x86_64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2022-1052" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e1ry-7wyr-z7gt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/265078?format=api", "vulnerability_id": "VCID-rgst-sefy-mya3", "summary": "Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1031", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.51927", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.51975", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.51966", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52021", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52019", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52071", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52053", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52037", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52077", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52083", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52064", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52011", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52017", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.51979", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1031" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478", "reference_id": "1014478", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/459975?format=api", "purl": "pkg:apk/alpine/radare2@5.6.6-r0?arch=x86_64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/radare2@5.6.6-r0%3Farch=x86_64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2022-1031" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rgst-sefy-mya3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/265208?format=api", "vulnerability_id": "VCID-tbyx-yrx3-vfag", "summary": "Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1240", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.46991", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47028", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47047", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.46995", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47049", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47045", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47069", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47043", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47105", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47101", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47035", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1240" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478", "reference_id": "1014478", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014478" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/459975?format=api", "purl": "pkg:apk/alpine/radare2@5.6.6-r0?arch=x86_64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/radare2@5.6.6-r0%3Farch=x86_64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2022-1240" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tbyx-yrx3-vfag" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/radare2@5.6.6-r0%3Farch=x86_64&distroversion=edge&reponame=community" }