Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/510422?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/510422?format=api", "purl": "pkg:deb/debian/ruby-httparty@0.21.0-1", "type": "deb", "namespace": "debian", "name": "ruby-httparty", "version": "0.21.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.24.2-2", "latest_non_vulnerable_version": "0.24.2-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49500?format=api", "vulnerability_id": "VCID-vs3q-ag4n-5khv", "summary": "httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage\nThere may be an SSRF vulnerability in httparty. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68696.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68696.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68696", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21111", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20998", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20989", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21052", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21098", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68696", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68696" }, { "reference_url": "https://github.com/jnunemaker/httparty", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jnunemaker/httparty" }, { "reference_url": "https://github.com/jnunemaker/httparty/commit/0529bcd6309c9fd9bfdd50ae211843b10054c240", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-24T14:31:55Z/" } ], "url": "https://github.com/jnunemaker/httparty/commit/0529bcd6309c9fd9bfdd50ae211843b10054c240" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123966", "reference_id": "1123966", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123966" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424798", "reference_id": "2424798", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424798" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68696", "reference_id": "CVE-2025-68696", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68696" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/httparty/CVE-2025-68696.yml", "reference_id": "CVE-2025-68696.YML", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/httparty/CVE-2025-68696.yml" }, { "reference_url": "https://github.com/advisories/GHSA-hm5p-x4rq-38w4", "reference_id": "GHSA-hm5p-x4rq-38w4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hm5p-x4rq-38w4" }, { "reference_url": "https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4", "reference_id": "GHSA-hm5p-x4rq-38w4", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-24T14:31:55Z/" } ], "url": "https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510423?format=api", "purl": "pkg:deb/debian/ruby-httparty@0.24.2-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-httparty@0.24.2-2" } ], "aliases": [ "CVE-2025-68696", "GHSA-hm5p-x4rq-38w4" ], "risk_score": 4.2, "exploitability": "0.5", "weighted_severity": "8.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vs3q-ag4n-5khv" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51619?format=api", "vulnerability_id": "VCID-h9qc-8jmg-bqbg", "summary": "httparty has multipart/form-data request tampering vulnerability\nHTTP multipart/form-data request tampering vulnerability in httparty < 0.20.0,\ndue to lack of proper escaping of double quotes within the filename attribute\nof the Content-Disposition header. If the Content-Disposition header is set to\n\"form-data\" and contains the \"filename\" attribute, and the \"filename\"\nattribute contains a double quote followed by additional attributes, then\nthose attributes will be parsed as Content-Disposition attributes and will\noverride the Content-Disposition header's previous attributes.\n\n Content-Disposition: form-data; name=\"avatar\"; filename=\"overwrite_name_field_and_extension.sh\"; name=\"foo\"; dummy=\".txt\"", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22049", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01196", "scoring_system": "epss", "scoring_elements": "0.79233", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01196", "scoring_system": "epss", "scoring_elements": "0.79241", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.01196", "scoring_system": "epss", "scoring_elements": "0.79223", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01196", "scoring_system": "epss", "scoring_elements": "0.79236", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01196", "scoring_system": "epss", "scoring_elements": "0.79242", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22049" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22049", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22049" }, { "reference_url": "https://github.com/jnunemaker/httparty", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jnunemaker/httparty" }, { "reference_url": "https://github.com/jnunemaker/httparty/blob/4416141d37fd71bdba4f37589ec265f55aa446ce/lib/httparty/request/body.rb#L43", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:58:32Z/" } ], "url": "https://github.com/jnunemaker/httparty/blob/4416141d37fd71bdba4f37589ec265f55aa446ce/lib/httparty/request/body.rb#L43" }, { "reference_url": "https://github.com/jnunemaker/httparty/commit/cdb45a678c43e44570b4e73f84b1abeb5ec22b8e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:58:32Z/" } ], "url": "https://github.com/jnunemaker/httparty/commit/cdb45a678c43e44570b4e73f84b1abeb5ec22b8e" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/httparty/CVE-2024-22049.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/httparty/CVE-2024-22049.yml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4LDGAVPR4KB72V4GGQCWODEAI72QZI3V/", "reference_id": "4LDGAVPR4KB72V4GGQCWODEAI72QZI3V", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:58:32Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4LDGAVPR4KB72V4GGQCWODEAI72QZI3V/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22049", "reference_id": "CVE-2024-22049", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22049" }, { "reference_url": "https://github.com/advisories/GHSA-5pq7-52mg-hr42", "reference_id": "GHSA-5pq7-52mg-hr42", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:58:32Z/" } ], "url": "https://github.com/advisories/GHSA-5pq7-52mg-hr42" }, { "reference_url": "https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42", "reference_id": "GHSA-5pq7-52mg-hr42", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:58:32Z/" } ], "url": "https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOWECZPJY6JZIA5FSBJR77KCRDXWDZDA/", "reference_id": "IOWECZPJY6JZIA5FSBJR77KCRDXWDZDA", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:58:32Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOWECZPJY6JZIA5FSBJR77KCRDXWDZDA/" }, { "reference_url": "https://vulncheck.com/advisories/vc-advisory-GHSA-5pq7-52mg-hr42", "reference_id": "vc-advisory-GHSA-5pq7-52mg-hr42", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:58:32Z/" } ], "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-5pq7-52mg-hr42" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510422?format=api", "purl": "pkg:deb/debian/ruby-httparty@0.21.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vs3q-ag4n-5khv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-httparty@0.21.0-1" } ], "aliases": [ "CVE-2024-22049", "GHSA-5pq7-52mg-hr42", "GMS-2023-1" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h9qc-8jmg-bqbg" } ], "risk_score": "4.2", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-httparty@0.21.0-1" }