Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/505842?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/505842?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@1.5", "type": "ebuild", "namespace": "www-client", "name": "mozilla-firefox-bin", "version": "1.5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.5.0.3", "latest_non_vulnerable_version": "10.0.11", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2505?format=api", "vulnerability_id": "VCID-mp62-js24-akfh", "summary": "Martijn Wargers and Nick Mott each described crashes that were discovered\nto ultimately stem from the same root cause: attempting to use a deleted\ncontroller context when designMode was turned on. This generally\nresults in crashing the browser, but in theory references to deleted objects\ncan be abused to run malicious code.\"splices\" reported the same crash at the fan site MozillaZine\nand on Bugtraq, incorrectly describing it as a buffer overflow.Update (31 July 2006)The advisory originally stated that older clients (Firefox 1.0.x and the Mozilla\nSuite 1.7.x) were unaffected. This is incorrect as demonstrated by the testcase\nMoBB#4 at the Browser Fun Blog. Those clients were already at risk from\nmany other published vulnerabilities and should no longer be used.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-1993", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.5731", "scoring_system": "epss", "scoring_elements": "0.98186", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.5731", "scoring_system": "epss", "scoring_elements": "0.98189", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.5731", "scoring_system": "epss", "scoring_elements": "0.9819", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-1993" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364810", "reference_id": "364810", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364810" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1993", "reference_id": "CVE-2006-1993", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1993" }, { "reference_url": "https://security.gentoo.org/glsa/200605-06", "reference_id": "GLSA-200605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200605-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-30", "reference_id": "mfsa2006-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-30" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/1716.html", "reference_id": "OSVDB-24967;CVE-2006-1993", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/1716.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505843?format=api", "purl": "pkg:ebuild/www-client/mozilla-firefox-bin@1.5.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@1.5.0.3" } ], "aliases": [ "CVE-2006-1993" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mp62-js24-akfh" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@1.5" }