VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/465221?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/465221?format=api",
    "purl": "pkg:apk/alpine/jenkins@2.346.2-r0?arch=armhf&distroversion=v3.19&reponame=community",
    "type": "apk",
    "namespace": "alpine",
    "name": "jenkins",
    "version": "2.346.2-r0",
    "qualifiers": {
        "arch": "armhf",
        "distroversion": "v3.19",
        "reponame": "community"
    },
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "2.361.2-r0",
    "latest_non_vulnerable_version": "2.361.2-r0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54155?format=api",
            "vulnerability_id": "VCID-1h9x-56rp-j7ch",
            "summary": "Cross-site Scripting vulnerability in Jenkins\nSince Jenkins 2.340, the tooltip of the build button in list views supports HTML without escaping the job display name.\n\nThis vulnerability is known to be exploitable by attackers with Job/Configure permission.\n\nJenkins 2.356 addresses this vulnerability. The tooltip of the build button in list views is now escaped.\n\nNo Jenkins LTS release is affected by SECURITY-2776 or SECURITY-2780, as these were not present in Jenkins 2.332.x and fixed in the 2.346.x line before 2.346.1.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34173.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34173.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34173",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.09062",
                            "scoring_system": "epss",
                            "scoring_elements": "0.92661",
                            "published_at": "2026-04-29T12:55:00Z"
                        },
                        {
                            "value": "0.09062",
                            "scoring_system": "epss",
                            "scoring_elements": "0.92664",
                            "published_at": "2026-04-26T12:55:00Z"
                        },
                        {
                            "value": "0.09062",
                            "scoring_system": "epss",
                            "scoring_elements": "0.92645",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.09062",
                            "scoring_system": "epss",
                            "scoring_elements": "0.92658",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.09062",
                            "scoring_system": "epss",
                            "scoring_elements": "0.92659",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.09062",
                            "scoring_system": "epss",
                            "scoring_elements": "0.92662",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.11821",
                            "scoring_system": "epss",
                            "scoring_elements": "0.93703",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.11821",
                            "scoring_system": "epss",
                            "scoring_elements": "0.93689",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.11821",
                            "scoring_system": "epss",
                            "scoring_elements": "0.937",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.11821",
                            "scoring_system": "epss",
                            "scoring_elements": "0.93712",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.11821",
                            "scoring_system": "epss",
                            "scoring_elements": "0.93714",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.11821",
                            "scoring_system": "epss",
                            "scoring_elements": "0.93719",
                            "published_at": "2026-04-12T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34173"
                },
                {
                    "reference_url": "https://github.com/jenkinsci/jenkins",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jenkinsci/jenkins"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34173",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34173"
                },
                {
                    "reference_url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119652",
                    "reference_id": "2119652",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119652"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-6g4r-q7qg-6qx6",
                    "reference_id": "GHSA-6g4r-q7qg-6qx6",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-6g4r-q7qg-6qx6"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/465221?format=api",
                    "purl": "pkg:apk/alpine/jenkins@2.346.2-r0?arch=armhf&distroversion=v3.19&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.346.2-r0%3Farch=armhf&distroversion=v3.19&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2022-34173",
                "GHSA-6g4r-q7qg-6qx6"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1h9x-56rp-j7ch"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54295?format=api",
            "vulnerability_id": "VCID-gua8-x599-fqad",
            "summary": "Cross-site Scripting vulnerability in Jenkins\nSince Jenkins 2.320 and LTS 2.332.1, help icon tooltips no longer escape the feature name, effectively undoing the fix for [SECURITY-1955](https://www.jenkins.io/security/advisory/2020-08-12/#SECURITY-1955).\n\nThis vulnerability is known to be exploitable by attackers with Job/Configure permission.\n\nJenkins 2.356, LTS 2.332.4 and LTS 2.346.1 addresses this vulnerability, the feature name in help icon tooltips is now escaped.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34170.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34170.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34170",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.03786",
                            "scoring_system": "epss",
                            "scoring_elements": "0.88104",
                            "published_at": "2026-04-29T12:55:00Z"
                        },
                        {
                            "value": "0.03786",
                            "scoring_system": "epss",
                            "scoring_elements": "0.88105",
                            "published_at": "2026-04-26T12:55:00Z"
                        },
                        {
                            "value": "0.03786",
                            "scoring_system": "epss",
                            "scoring_elements": "0.881",
                            "published_at": "2026-04-24T12:55:00Z"
                        },
                        {
                            "value": "0.03786",
                            "scoring_system": "epss",
                            "scoring_elements": "0.88082",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.03786",
                            "scoring_system": "epss",
                            "scoring_elements": "0.88085",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.03786",
                            "scoring_system": "epss",
                            "scoring_elements": "0.88072",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.05054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89752",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.05054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89738",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.05054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89754",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.05054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89771",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.05054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89778",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.05054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89784",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.05054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89782",
                            "published_at": "2026-04-12T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34170"
                },
                {
                    "reference_url": "https://github.com/jenkinsci/jenkins",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jenkinsci/jenkins"
                },
                {
                    "reference_url": "https://github.com/jenkinsci/jenkins/commit/f71495a63f8b861e8ca3a5fcf5cc931fce55bc57",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jenkinsci/jenkins/commit/f71495a63f8b861e8ca3a5fcf5cc931fce55bc57"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34170",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34170"
                },
                {
                    "reference_url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119648",
                    "reference_id": "2119648",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119648"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-62wf-24c4-8r76",
                    "reference_id": "GHSA-62wf-24c4-8r76",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-62wf-24c4-8r76"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/465221?format=api",
                    "purl": "pkg:apk/alpine/jenkins@2.346.2-r0?arch=armhf&distroversion=v3.19&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.346.2-r0%3Farch=armhf&distroversion=v3.19&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2022-34170",
                "GHSA-62wf-24c4-8r76"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gua8-x599-fqad"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54045?format=api",
            "vulnerability_id": "VCID-j861-35t6-8qep",
            "summary": "Cross-site Scripting vulnerability in Jenkins\nSince Jenkins 2.321 and LTS 2.332.1, the HTML output generated for new symbol-based SVG icons includes the `title` attribute of `l:ionicon` until Jenkins 2.334 and `alt` attribute of `l:icon` since Jenkins 2.335 without further escaping.\n\nThis vulnerability is known to be exploitable by attackers with Job/Configure permission.\n\nJenkins 2.356, LTS 2.332.4 and LTS 2.346.1 addresses this vulnerability, the `title` attribute of `l:ionicon` (Jenkins LTS 2.332.4) and `alt` attribute of `l:icon` (Jenkins 2.356 and LTS 2.346.1) are escaped in the generated HTML output.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34171.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34171.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34171",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.03237",
                            "scoring_system": "epss",
                            "scoring_elements": "0.87122",
                            "published_at": "2026-04-29T12:55:00Z"
                        },
                        {
                            "value": "0.03237",
                            "scoring_system": "epss",
                            "scoring_elements": "0.87115",
                            "published_at": "2026-04-24T12:55:00Z"
                        },
                        {
                            "value": "0.03237",
                            "scoring_system": "epss",
                            "scoring_elements": "0.871",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.03237",
                            "scoring_system": "epss",
                            "scoring_elements": "0.87096",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.03237",
                            "scoring_system": "epss",
                            "scoring_elements": "0.8708",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.04332",
                            "scoring_system": "epss",
                            "scoring_elements": "0.88893",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.04332",
                            "scoring_system": "epss",
                            "scoring_elements": "0.88875",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.04332",
                            "scoring_system": "epss",
                            "scoring_elements": "0.88891",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.04332",
                            "scoring_system": "epss",
                            "scoring_elements": "0.88911",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.04332",
                            "scoring_system": "epss",
                            "scoring_elements": "0.88917",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.04332",
                            "scoring_system": "epss",
                            "scoring_elements": "0.88928",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.04332",
                            "scoring_system": "epss",
                            "scoring_elements": "0.88923",
                            "published_at": "2026-04-12T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34171"
                },
                {
                    "reference_url": "https://github.com/jenkinsci/jenkins",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jenkinsci/jenkins"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34171",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34171"
                },
                {
                    "reference_url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119649",
                    "reference_id": "2119649",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119649"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-7f84-p6r5-jr6q",
                    "reference_id": "GHSA-7f84-p6r5-jr6q",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-7f84-p6r5-jr6q"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/465221?format=api",
                    "purl": "pkg:apk/alpine/jenkins@2.346.2-r0?arch=armhf&distroversion=v3.19&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.346.2-r0%3Farch=armhf&distroversion=v3.19&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2022-34171",
                "GHSA-7f84-p6r5-jr6q"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j861-35t6-8qep"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54194?format=api",
            "vulnerability_id": "VCID-uwfz-czcp-qyd9",
            "summary": "Cross-site Scripting vulnerability in Jenkins\nSince Jenkins 2.340, symbol-based icons unescape previously escaped values of `tooltip` parameters.\n\nThis vulnerability is known to be exploitable by attackers with Job/Configure permission.\n\nJenkins 2.356, LTS 2.332.4 and LTS 2.346.1 addresses this vulnerability. Symbol-based icons no longer unescape values of `tooltip` parameters.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34172.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34172.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34172",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.04819",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89537",
                            "published_at": "2026-04-29T12:55:00Z"
                        },
                        {
                            "value": "0.04819",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89533",
                            "published_at": "2026-04-24T12:55:00Z"
                        },
                        {
                            "value": "0.04819",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89506",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.04819",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89521",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.04819",
                            "scoring_system": "epss",
                            "scoring_elements": "0.8952",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.04819",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89518",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.06403",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91008",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.06403",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90989",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.06403",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90998",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.06403",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91021",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.06403",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91026",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.06403",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91035",
                            "published_at": "2026-04-12T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34172"
                },
                {
                    "reference_url": "https://github.com/jenkinsci/jenkins",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jenkinsci/jenkins"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34172",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34172"
                },
                {
                    "reference_url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119650",
                    "reference_id": "2119650",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119650"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-mhp7-3393-pfqr",
                    "reference_id": "GHSA-mhp7-3393-pfqr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-mhp7-3393-pfqr"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/465221?format=api",
                    "purl": "pkg:apk/alpine/jenkins@2.346.2-r0?arch=armhf&distroversion=v3.19&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.346.2-r0%3Farch=armhf&distroversion=v3.19&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2022-34172",
                "GHSA-mhp7-3393-pfqr"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uwfz-czcp-qyd9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54095?format=api",
            "vulnerability_id": "VCID-vgg4-g95a-gkey",
            "summary": "Observable timing discrepancy allows determining username validity in Jenkins\nIn Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. This allows attackers to determine the validity of attacker-specified usernames.\n\nLogin attempts with an invalid username now validate a synthetic password to eliminate the timing discrepancy in Jenkins 2.356, LTS 2.332.4.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34174.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34174.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34174",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00863",
                            "scoring_system": "epss",
                            "scoring_elements": "0.7516",
                            "published_at": "2026-04-29T12:55:00Z"
                        },
                        {
                            "value": "0.00863",
                            "scoring_system": "epss",
                            "scoring_elements": "0.75156",
                            "published_at": "2026-04-26T12:55:00Z"
                        },
                        {
                            "value": "0.00863",
                            "scoring_system": "epss",
                            "scoring_elements": "0.75152",
                            "published_at": "2026-04-24T12:55:00Z"
                        },
                        {
                            "value": "0.00863",
                            "scoring_system": "epss",
                            "scoring_elements": "0.75113",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00863",
                            "scoring_system": "epss",
                            "scoring_elements": "0.75123",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00863",
                            "scoring_system": "epss",
                            "scoring_elements": "0.75116",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00863",
                            "scoring_system": "epss",
                            "scoring_elements": "0.75078",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.01169",
                            "scoring_system": "epss",
                            "scoring_elements": "0.78622",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.01169",
                            "scoring_system": "epss",
                            "scoring_elements": "0.7861",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.01169",
                            "scoring_system": "epss",
                            "scoring_elements": "0.78641",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.01169",
                            "scoring_system": "epss",
                            "scoring_elements": "0.78647",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.01169",
                            "scoring_system": "epss",
                            "scoring_elements": "0.78654",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.01169",
                            "scoring_system": "epss",
                            "scoring_elements": "0.78679",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.01169",
                            "scoring_system": "epss",
                            "scoring_elements": "0.7866",
                            "published_at": "2026-04-12T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34174"
                },
                {
                    "reference_url": "https://github.com/jenkinsci/jenkins",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jenkinsci/jenkins"
                },
                {
                    "reference_url": "https://github.com/jenkinsci/jenkins/commit/957ef5902f2e40b6358e6d10f12b26f9dbd2f75a",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jenkinsci/jenkins/commit/957ef5902f2e40b6358e6d10f12b26f9dbd2f75a"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34174",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34174"
                },
                {
                    "reference_url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2566",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2566"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119653",
                    "reference_id": "2119653",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119653"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9grj-j43m-mjqr",
                    "reference_id": "GHSA-9grj-j43m-mjqr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-9grj-j43m-mjqr"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2023:0017",
                    "reference_id": "RHSA-2023:0017",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2023:0017"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2023:0697",
                    "reference_id": "RHSA-2023:0697",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2023:0697"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2023:0777",
                    "reference_id": "RHSA-2023:0777",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2023:0777"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/465221?format=api",
                    "purl": "pkg:apk/alpine/jenkins@2.346.2-r0?arch=armhf&distroversion=v3.19&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.346.2-r0%3Farch=armhf&distroversion=v3.19&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2022-34174",
                "GHSA-9grj-j43m-mjqr"
            ],
            "risk_score": 3.4,
            "exploitability": "0.5",
            "weighted_severity": "6.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgg4-g95a-gkey"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.346.2-r0%3Farch=armhf&distroversion=v3.19&reponame=community"
}

Package Instance