Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/518646?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/518646?format=api", "purl": "pkg:deb/debian/nagios-nrpe@2.5.1-3", "type": "deb", "namespace": "debian", "name": "nagios-nrpe", "version": "2.5.1-3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.0.3-1", "latest_non_vulnerable_version": "4.0.3-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94318?format=api", "vulnerability_id": "VCID-43d1-cewz-qqgv", "summary": "Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \\n as the character \\ and the character n (not as the \\n newline sequence). This can cause command injection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6581.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6581.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6581", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00228", "scoring_system": "epss", "scoring_elements": "0.45582", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00228", "scoring_system": "epss", "scoring_elements": "0.4565", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00228", "scoring_system": "epss", "scoring_elements": "0.45653", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00228", "scoring_system": "epss", "scoring_elements": "0.45634", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00228", "scoring_system": "epss", "scoring_elements": "0.45608", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00228", "scoring_system": "epss", "scoring_elements": "0.45622", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6581" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816801", "reference_id": "1816801", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/618614?format=api", "purl": "pkg:deb/debian/nagios-nrpe@4.0.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nagios-nrpe@4.0.3-1" } ], "aliases": [ "CVE-2020-6581" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-43d1-cewz-qqgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94316?format=api", "vulnerability_id": "VCID-62r6-hgny-8fgw", "summary": "Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via \"$()\" shell metacharacters, which are processed by bash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1362.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1362.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.76437", "scoring_system": "epss", "scoring_elements": "0.98956", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.76437", "scoring_system": "epss", "scoring_elements": "0.98957", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.76437", "scoring_system": "epss", "scoring_elements": "0.98959", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.76437", "scoring_system": "epss", "scoring_elements": "0.98958", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1362" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701227", "reference_id": "701227", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701227" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=916947", "reference_id": "916947", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916947" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/24955.rb", "reference_id": "CVE-2013-1362;OSVDB-90582", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/24955.rb" }, { "reference_url": "https://security.gentoo.org/glsa/201408-18", "reference_id": "GLSA-201408-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201408-18" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/518649?format=api", "purl": "pkg:deb/debian/nagios-nrpe@2.13-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-43d1-cewz-qqgv" }, { "vulnerability": "VCID-fsa3-8fjq-5ub7" }, { "vulnerability": "VCID-n36b-1q1q-qub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nagios-nrpe@2.13-3" } ], "aliases": [ "CVE-2013-1362" ], "risk_score": 1.4, "exploitability": "2.0", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-62r6-hgny-8fgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94317?format=api", "vulnerability_id": "VCID-fsa3-8fjq-5ub7", "summary": "Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as \"expected behavior.\" Also, this issue can only occur when the administrator enables the \"dont_blame_nrpe\" option in nrpe.conf despite the \"HIGH security risk\" warning within the comments", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2913.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2913.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2913", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1857", "scoring_system": "epss", "scoring_elements": "0.95381", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.1857", "scoring_system": "epss", "scoring_elements": "0.95389", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.1857", "scoring_system": "epss", "scoring_elements": "0.95392", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.1857", "scoring_system": "epss", "scoring_elements": "0.95394", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.1857", "scoring_system": "epss", "scoring_elements": "0.95398", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2913" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2913" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1089878", "reference_id": "1089878", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1089878" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745272", "reference_id": "745272", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745272" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/34461.py", "reference_id": "CVE-2014-2913;OSVDB-106007", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/34461.py" }, { "reference_url": "https://security.gentoo.org/glsa/201408-18", "reference_id": "GLSA-201408-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201408-18" }, { "reference_url": "http://legalhackers.com/advisories/nagios-nrpe.txt", "reference_id": "OSVDB-106007;CVE-2014-2913", "reference_type": "exploit", "scores": [], "url": "http://legalhackers.com/advisories/nagios-nrpe.txt" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32925.txt", "reference_id": "OSVDB-106007;CVE-2014-2913", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32925.txt" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/576173?format=api", "purl": "pkg:deb/debian/nagios-nrpe@2.15-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-43d1-cewz-qqgv" }, { "vulnerability": "VCID-n36b-1q1q-qub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nagios-nrpe@2.15-1" } ], "aliases": [ "CVE-2014-2913" ], "risk_score": 0.4, "exploitability": "2.0", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fsa3-8fjq-5ub7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94319?format=api", "vulnerability_id": "VCID-n36b-1q1q-qub1", "summary": "Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6582.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6582.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6582", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01636", "scoring_system": "epss", "scoring_elements": "0.82261", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01636", "scoring_system": "epss", "scoring_elements": "0.82291", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01636", "scoring_system": "epss", "scoring_elements": "0.82285", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01636", "scoring_system": "epss", "scoring_elements": "0.82299", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6582" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6582", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6582" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816813", "reference_id": "1816813", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816813" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/618614?format=api", "purl": "pkg:deb/debian/nagios-nrpe@4.0.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nagios-nrpe@4.0.3-1" } ], "aliases": [ "CVE-2020-6582" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n36b-1q1q-qub1" } ], "fixing_vulnerabilities": [], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nagios-nrpe@2.5.1-3" }