Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/473538?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/473538?format=api", "purl": "pkg:maven/com.typesafe.play/play-ws_2.12@2.8.1", "type": "maven", "namespace": "com.typesafe.play", "name": "play-ws_2.12", "version": "2.8.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.8.16", "latest_non_vulnerable_version": "2.8.16", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208035?format=api", "vulnerability_id": "VCID-5rgy-2ftt-wbak", "summary": "Out-of-bounds Write in Play Framework", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67554", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67463", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67564", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67567", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27196" }, { "reference_url": "https://github.com/playframework/playframework/pull/10321", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/playframework/playframework/pull/10321" }, { "reference_url": "https://www.playframework.com/security/vulnerability", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.playframework.com/security/vulnerability" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27196", "reference_id": "CVE-2020-27196", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27196" }, { "reference_url": "https://www.playframework.com/security/vulnerability/CVE-2020-27196-DosViaJsonStackOverflow", "reference_id": "CVE-2020-27196-DOSVIAJSONSTACKOVERFLOW", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.playframework.com/security/vulnerability/CVE-2020-27196-DosViaJsonStackOverflow" }, { "reference_url": "https://github.com/advisories/GHSA-h48w-c35p-6m8x", "reference_id": "GHSA-h48w-c35p-6m8x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h48w-c35p-6m8x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/473540?format=api", "purl": "pkg:maven/com.typesafe.play/play-ws_2.12@2.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p48p-skh8-ebgd" }, { "vulnerability": "VCID-wwdv-7v1a-h7an" }, { "vulnerability": "VCID-zz2d-zdcp-fkbe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play-ws_2.12@2.8.3" } ], "aliases": [ "CVE-2020-27196", "GHSA-h48w-c35p-6m8x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5rgy-2ftt-wbak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208034?format=api", "vulnerability_id": "VCID-fve1-eq7u-vkbv", "summary": "Uncontrolled Recursion in Play Framework", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26883", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67554", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67463", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67564", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67567", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26883" }, { "reference_url": "https://github.com/playframework/playframework/pull/10495", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/playframework/playframework/pull/10495" }, { "reference_url": "https://www.playframework.com/security/vulnerability", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.playframework.com/security/vulnerability" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26883", "reference_id": "CVE-2020-26883", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26883" }, { "reference_url": "https://www.playframework.com/security/vulnerability/CVE-2020-26883-JsonParseUncontrolledRecursion", "reference_id": "CVE-2020-26883-JSONPARSEUNCONTROLLEDRECURSION", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.playframework.com/security/vulnerability/CVE-2020-26883-JsonParseUncontrolledRecursion" }, { "reference_url": "https://github.com/advisories/GHSA-p8p6-rcp6-4mrm", "reference_id": "GHSA-p8p6-rcp6-4mrm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p8p6-rcp6-4mrm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/473540?format=api", "purl": "pkg:maven/com.typesafe.play/play-ws_2.12@2.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p48p-skh8-ebgd" }, { "vulnerability": "VCID-wwdv-7v1a-h7an" }, { "vulnerability": "VCID-zz2d-zdcp-fkbe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play-ws_2.12@2.8.3" } ], "aliases": [ "CVE-2020-26883", "GHSA-p8p6-rcp6-4mrm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fve1-eq7u-vkbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167349?format=api", "vulnerability_id": "VCID-p48p-skh8-ebgd", "summary": "Play Framework is a web framework for Java and Scala. Verions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its `DefaultHttpErrorHandler` to do so based on the application mode. In its Scala API Play also provides a static object `DefaultHttpErrorHandler` that is configured to always show verbose errors. This is used as a default value in some Play APIs, so it is possible to inadvertently use this version in production. It is also possible to improperly configure the `DefaultHttpErrorHandler` object instance as the injected error handler. Both of these situations could result in verbose errors displaying to users in a production application, which could expose sensitive information from the application. In particular, the constructor for `CORSFilter` and `apply` method for `CORSActionBuilder` use the static object `DefaultHttpErrorHandler` as a default value. This is patched in Play Framework 2.8.16. The `DefaultHttpErrorHandler` object has been changed to use the prod-mode behavior, and `DevHttpErrorHandler` has been introduced for the dev-mode behavior. A workaround is available. When constructing a `CORSFilter` or `CORSActionBuilder`, ensure that a properly-configured error handler is passed. Generally this should be done by using the `HttpErrorHandler` instance provided through dependency injection or through Play's `BuiltInComponents`. Ensure that the application is not using the `DefaultHttpErrorHandler` static object in any code that may be run in production.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.63088", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.63091", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.63079", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62978", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31023" }, { "reference_url": "https://github.com/playframework/playframework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/playframework/playframework" }, { "reference_url": "https://github.com/playframework/playframework/pull/11305", "reference_id": "11305", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:06:14Z/" } ], "url": "https://github.com/playframework/playframework/pull/11305" }, { "reference_url": "https://github.com/playframework/playframework/releases/tag/2.8.16", "reference_id": "2.8.16", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:06:14Z/" } ], "url": "https://github.com/playframework/playframework/releases/tag/2.8.16" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31023", "reference_id": "CVE-2022-31023", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31023" }, { "reference_url": "https://github.com/advisories/GHSA-p9p4-97g9-wcrh", "reference_id": "GHSA-p9p4-97g9-wcrh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p9p4-97g9-wcrh" }, { "reference_url": "https://github.com/playframework/playframework/security/advisories/GHSA-p9p4-97g9-wcrh", "reference_id": "GHSA-p9p4-97g9-wcrh", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:06:14Z/" } ], "url": "https://github.com/playframework/playframework/security/advisories/GHSA-p9p4-97g9-wcrh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/570162?format=api", "purl": "pkg:maven/com.typesafe.play/play-ws_2.12@2.8.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play-ws_2.12@2.8.16" } ], "aliases": [ "CVE-2022-31023", "GHSA-p9p4-97g9-wcrh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p48p-skh8-ebgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208036?format=api", "vulnerability_id": "VCID-q9tf-sv2n-jbdm", "summary": "Data Amplification in Play Framework", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26882", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61706", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61603", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61709", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61714", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26882" }, { "reference_url": "https://github.com/playframework/playframework/pull/10495", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/playframework/playframework/pull/10495" }, { "reference_url": "https://www.playframework.com/security/vulnerability", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.playframework.com/security/vulnerability" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26882", "reference_id": "CVE-2020-26882", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26882" }, { "reference_url": "https://www.playframework.com/security/vulnerability/CVE-2020-26882-JsonParseDataAmplification", "reference_id": "CVE-2020-26882-JSONPARSEDATAAMPLIFICATION", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.playframework.com/security/vulnerability/CVE-2020-26882-JsonParseDataAmplification" }, { "reference_url": "https://github.com/advisories/GHSA-r8rm-4hfj-2x87", "reference_id": "GHSA-r8rm-4hfj-2x87", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r8rm-4hfj-2x87" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/473540?format=api", "purl": "pkg:maven/com.typesafe.play/play-ws_2.12@2.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p48p-skh8-ebgd" }, { "vulnerability": "VCID-wwdv-7v1a-h7an" }, { "vulnerability": "VCID-zz2d-zdcp-fkbe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play-ws_2.12@2.8.3" } ], "aliases": [ "CVE-2020-26882", "GHSA-r8rm-4hfj-2x87" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q9tf-sv2n-jbdm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207801?format=api", "vulnerability_id": "VCID-zz2d-zdcp-fkbe", "summary": "Data Amplification in Play Framework", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28923", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39943", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39772", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39956", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39967", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28923" }, { "reference_url": "https://www.playframework.com/security/vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.playframework.com/security/vulnerability" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28923", "reference_id": "CVE-2020-28923", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28923" }, { "reference_url": "https://www.playframework.com/security/vulnerability/CVE-2020-28923-ImproperRemovalofSensitiveInformationBeforeStorageorTransfer", "reference_id": "CVE-2020-28923-IMPROPERREMOVALOFSENSITIVEINFORMATIONBEFORESTORAGEORTRANSFER", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.playframework.com/security/vulnerability/CVE-2020-28923-ImproperRemovalofSensitiveInformationBeforeStorageorTransfer" }, { "reference_url": "https://github.com/advisories/GHSA-v9mf-jgq3-c28h", "reference_id": "GHSA-v9mf-jgq3-c28h", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v9mf-jgq3-c28h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/477141?format=api", "purl": "pkg:maven/com.typesafe.play/play-ws_2.12@2.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p48p-skh8-ebgd" }, { "vulnerability": "VCID-wwdv-7v1a-h7an" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play-ws_2.12@2.8.5" } ], "aliases": [ "CVE-2020-28923", "GHSA-v9mf-jgq3-c28h" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zz2d-zdcp-fkbe" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play-ws_2.12@2.8.1" }