Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/492217?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/492217?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.8.4-r0?arch=ppc64le&distroversion=v3.21&reponame=community", "type": "apk", "namespace": "alpine", "name": "phpmyadmin", "version": "4.8.4-r0", "qualifiers": { "arch": "ppc64le", "distroversion": "v3.21", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "4.8.5-r0", "latest_non_vulnerable_version": "5.1.2-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40500?format=api", "vulnerability_id": "VCID-4wn2-pnbv-sked", "summary": "Cross-site Scripting\nIn phpMyAdm, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted `database/table` name.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01296", "scoring_system": "epss", "scoring_elements": "0.80037", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01296", "scoring_system": "epss", "scoring_elements": "0.80067", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01296", "scoring_system": "epss", "scoring_elements": "0.80063", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01296", "scoring_system": "epss", "scoring_elements": "0.80072", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.01296", "scoring_system": "epss", "scoring_elements": "0.80052", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01296", "scoring_system": "epss", "scoring_elements": "0.80062", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19970" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html" }, { "reference_url": "https://security.gentoo.org/glsa/201904-16", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201904-16" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2018-8" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-8/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2018-8/" }, { "reference_url": "http://www.securityfocus.com/bid/106181", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106181" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19970", "reference_id": "CVE-2018-19970", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19970" }, { "reference_url": "https://github.com/advisories/GHSA-8987-93fh-rcwq", "reference_id": "GHSA-8987-93fh-rcwq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8987-93fh-rcwq" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/492217?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.8.4-r0?arch=ppc64le&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.8.4-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2018-19970", "GHSA-8987-93fh-rcwq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4wn2-pnbv-sked" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40494?format=api", "vulnerability_id": "VCID-52xs-45kd-w3hz", "summary": "Information Exposure\nAn attacker can exploit phpMyAdm to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19968", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02384", "scoring_system": "epss", "scoring_elements": "0.85315", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02384", "scoring_system": "epss", "scoring_elements": "0.85313", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.02384", "scoring_system": "epss", "scoring_elements": "0.853", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02384", "scoring_system": "epss", "scoring_elements": "0.8532", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02384", "scoring_system": "epss", "scoring_elements": "0.85291", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02384", "scoring_system": "epss", "scoring_elements": "0.85314", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19968" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19968" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html" }, { "reference_url": "https://security.gentoo.org/glsa/201904-16", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201904-16" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2018-6" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2018-6/" }, { "reference_url": "http://www.securityfocus.com/bid/106178", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106178" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19968", "reference_id": "CVE-2018-19968", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19968" }, { "reference_url": "https://github.com/advisories/GHSA-xc97-r49q-cxgc", "reference_id": "GHSA-xc97-r49q-cxgc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xc97-r49q-cxgc" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/492217?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.8.4-r0?arch=ppc64le&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.8.4-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2018-19968", "GHSA-xc97-r49q-cxgc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-52xs-45kd-w3hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40501?format=api", "vulnerability_id": "VCID-r4zz-m2mr-9qeb", "summary": "Cross-Site Request Forgery (CSRF)\nBy deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new `tables/routines`, deleting designer pages, `adding/deleting` users, updating user passwords, killing SQL processes.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63451", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63438", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.6345", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63408", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63459", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63457", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19969" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19969", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19969" }, { "reference_url": "https://security.gentoo.org/glsa/201904-16", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201904-16" }, { "reference_url": "https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175" }, { "reference_url": "https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175/" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2018-7" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2018-7/" }, { "reference_url": "http://www.securityfocus.com/bid/106175", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106175" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19969", "reference_id": "CVE-2018-19969", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19969" }, { "reference_url": "https://github.com/advisories/GHSA-xwf2-53mc-r8hx", "reference_id": "GHSA-xwf2-53mc-r8hx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xwf2-53mc-r8hx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/492217?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.8.4-r0?arch=ppc64le&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.8.4-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2018-19969", "GHSA-xwf2-53mc-r8hx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r4zz-m2mr-9qeb" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.8.4-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community" }