Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/505920?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/505920?format=api", "purl": "pkg:ebuild/net-print/cups@1.3.10", "type": "ebuild", "namespace": "net-print", "name": "cups", "version": "1.3.10", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.4.8-r1", "latest_non_vulnerable_version": "3.01-r2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65541?format=api", "vulnerability_id": "VCID-6hkc-auxp-6yht", "summary": "The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0164.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0164.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04186", "scoring_system": "epss", "scoring_elements": "0.88904", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04186", "scoring_system": "epss", "scoring_elements": "0.88921", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.04186", "scoring_system": "epss", "scoring_elements": "0.88922", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.04186", "scoring_system": "epss", "scoring_elements": "0.88938", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=490597", "reference_id": "490597", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=490597" }, { "reference_url": "https://security.gentoo.org/glsa/200904-20", "reference_id": "GLSA-200904-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200904-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505920?format=api", "purl": "pkg:ebuild/net-print/cups@1.3.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-print/cups@1.3.10" } ], "aliases": [ "CVE-2009-0164" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6hkc-auxp-6yht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65539?format=api", "vulnerability_id": "VCID-neug-nxbs-xqcw", "summary": "Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0147.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0147.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02384", "scoring_system": "epss", "scoring_elements": "0.85291", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02384", "scoring_system": "epss", "scoring_elements": "0.85314", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02384", "scoring_system": "epss", "scoring_elements": "0.8532", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.05325", "scoring_system": "epss", "scoring_elements": "0.90227", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.05325", "scoring_system": "epss", "scoring_elements": "0.90243", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=490614", "reference_id": "490614", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=490614" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806", "reference_id": "524806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809", "reference_id": "524809", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809" }, { "reference_url": "https://security.gentoo.org/glsa/200904-20", "reference_id": "GLSA-200904-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200904-20" }, { "reference_url": "https://security.gentoo.org/glsa/201310-03", "reference_id": "GLSA-201310-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201310-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0429", "reference_id": "RHSA-2009:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0430", "reference_id": "RHSA-2009:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0431", "reference_id": "RHSA-2009:0431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0458", "reference_id": "RHSA-2009:0458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0480", "reference_id": "RHSA-2009:0480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0399", "reference_id": "RHSA-2010:0399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0400", "reference_id": "RHSA-2010:0400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0400" }, { "reference_url": "https://usn.ubuntu.com/759-1/", "reference_id": "USN-759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/759-1/" }, { "reference_url": "https://usn.ubuntu.com/973-1/", "reference_id": "USN-973-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/973-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505920?format=api", "purl": "pkg:ebuild/net-print/cups@1.3.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-print/cups@1.3.10" } ], "aliases": [ "CVE-2009-0147" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-neug-nxbs-xqcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65538?format=api", "vulnerability_id": "VCID-nmcj-bzmn-uqcm", "summary": "Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0146.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0146.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0146", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01745", "scoring_system": "epss", "scoring_elements": "0.8288", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01745", "scoring_system": "epss", "scoring_elements": "0.82906", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01745", "scoring_system": "epss", "scoring_elements": "0.82902", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87377", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87389", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=490612", "reference_id": "490612", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=490612" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806", "reference_id": "524806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809", "reference_id": "524809", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809" }, { "reference_url": "https://security.gentoo.org/glsa/200904-20", "reference_id": "GLSA-200904-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200904-20" }, { "reference_url": "https://security.gentoo.org/glsa/201310-03", "reference_id": "GLSA-201310-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201310-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0429", "reference_id": "RHSA-2009:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0430", "reference_id": "RHSA-2009:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0431", "reference_id": "RHSA-2009:0431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0458", "reference_id": "RHSA-2009:0458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0480", "reference_id": "RHSA-2009:0480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0399", "reference_id": "RHSA-2010:0399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0400", "reference_id": "RHSA-2010:0400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0400" }, { "reference_url": "https://usn.ubuntu.com/759-1/", "reference_id": "USN-759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/759-1/" }, { "reference_url": "https://usn.ubuntu.com/973-1/", "reference_id": "USN-973-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/973-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505920?format=api", "purl": "pkg:ebuild/net-print/cups@1.3.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-print/cups@1.3.10" } ], "aliases": [ "CVE-2009-0146" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nmcj-bzmn-uqcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65542?format=api", "vulnerability_id": "VCID-qy8a-uthf-a7b6", "summary": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0166.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0166.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0519", "scoring_system": "epss", "scoring_elements": "0.90088", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0519", "scoring_system": "epss", "scoring_elements": "0.90104", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0519", "scoring_system": "epss", "scoring_elements": "0.90103", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0519", "scoring_system": "epss", "scoring_elements": "0.90101", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.10043", "scoring_system": "epss", "scoring_elements": "0.93211", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.10043", "scoring_system": "epss", "scoring_elements": "0.93218", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=490625", "reference_id": "490625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=490625" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806", "reference_id": "524806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809", "reference_id": "524809", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809" }, { "reference_url": "https://security.gentoo.org/glsa/200904-20", "reference_id": "GLSA-200904-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200904-20" }, { "reference_url": "https://security.gentoo.org/glsa/201310-03", "reference_id": "GLSA-201310-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201310-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0429", "reference_id": "RHSA-2009:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0430", "reference_id": "RHSA-2009:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0431", "reference_id": "RHSA-2009:0431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0458", "reference_id": "RHSA-2009:0458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0480", "reference_id": "RHSA-2009:0480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0399", "reference_id": "RHSA-2010:0399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0400", "reference_id": "RHSA-2010:0400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0400" }, { "reference_url": "https://usn.ubuntu.com/759-1/", "reference_id": "USN-759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/759-1/" }, { "reference_url": "https://usn.ubuntu.com/973-1/", "reference_id": "USN-973-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/973-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505920?format=api", "purl": "pkg:ebuild/net-print/cups@1.3.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-print/cups@1.3.10" } ], "aliases": [ "CVE-2009-0166" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qy8a-uthf-a7b6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65540?format=api", "vulnerability_id": "VCID-uw3v-q3yq-4khu", "summary": "Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0163.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0163.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0163", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04652", "scoring_system": "epss", "scoring_elements": "0.89504", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.04652", "scoring_system": "epss", "scoring_elements": "0.8952", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0495", "scoring_system": "epss", "scoring_elements": "0.89829", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0495", "scoring_system": "epss", "scoring_elements": "0.89845", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0495", "scoring_system": "epss", "scoring_elements": "0.89846", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0495", "scoring_system": "epss", "scoring_elements": "0.89844", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=490596", "reference_id": "490596", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=490596" }, { "reference_url": "https://security.gentoo.org/glsa/200904-20", "reference_id": "GLSA-200904-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200904-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0428", "reference_id": "RHSA-2009:0428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0429", "reference_id": "RHSA-2009:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0429" }, { "reference_url": "https://usn.ubuntu.com/760-1/", "reference_id": "USN-760-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/760-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505920?format=api", "purl": "pkg:ebuild/net-print/cups@1.3.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-print/cups@1.3.10" } ], "aliases": [ "CVE-2009-0163" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uw3v-q3yq-4khu" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-print/cups@1.3.10" }