Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/525095?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/525095?format=api", "purl": "pkg:deb/debian/gdb@7.4.1-1.1", "type": "deb", "namespace": "debian", "name": "gdb", "version": "7.4.1-1.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "10.1-1", "latest_non_vulnerable_version": "10.1-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69804?format=api", "vulnerability_id": "VCID-6134-zwv5-3ffr", "summary": "GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4355.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4355.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4355", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.36998", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37089", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37097", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37064", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37025", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37038", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4355" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=703238", "reference_id": "703238", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=703238" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0522", "reference_id": "RHSA-2013:0522", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0522" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/525098?format=api", "purl": "pkg:deb/debian/gdb@7.6.2-1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rqt3-b4e1-q7hh" }, { "vulnerability": "VCID-sq8v-7zdq-6yhx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdb@7.6.2-1.1" } ], "aliases": [ "CVE-2011-4355" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6134-zwv5-3ffr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69809?format=api", "vulnerability_id": "VCID-rqt3-b4e1-q7hh", "summary": "GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9778.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.5343", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.5349", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53499", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53482", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53457", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.5348", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9778" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466255", "reference_id": "1466255", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466255" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865607", "reference_id": "865607", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865607" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582914?format=api", "purl": "pkg:deb/debian/gdb@10.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdb@10.1-1" } ], "aliases": [ "CVE-2017-9778" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rqt3-b4e1-q7hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60318?format=api", "vulnerability_id": "VCID-sq8v-7zdq-6yhx", "summary": "ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9939.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9939.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9939", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59666", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59717", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.5972", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59711", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59692", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.5971", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9939" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9939", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9939" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250129", "reference_id": "1250129", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250129" }, { "reference_url": "https://usn.ubuntu.com/3367-1/", "reference_id": "USN-3367-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3367-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/525103?format=api", "purl": "pkg:deb/debian/gdb@7.11.1-2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rqt3-b4e1-q7hh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdb@7.11.1-2~bpo8%252B1" } ], "aliases": [ "CVE-2014-9939" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sq8v-7zdq-6yhx" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69801?format=api", "vulnerability_id": "VCID-cfn1-19hx-r3hy", "summary": "Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-4146.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-4146.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4146", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01258", "scoring_system": "epss", "scoring_elements": "0.79732", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01258", "scoring_system": "epss", "scoring_elements": "0.79757", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01258", "scoring_system": "epss", "scoring_elements": "0.79763", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01258", "scoring_system": "epss", "scoring_elements": "0.79758", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01258", "scoring_system": "epss", "scoring_elements": "0.79748", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01258", "scoring_system": "epss", "scoring_elements": "0.79767", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4146" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=203875", "reference_id": "203875", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=203875" }, { "reference_url": "https://security.gentoo.org/glsa/200711-23", "reference_id": "GLSA-200711-23", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0229", "reference_id": "RHSA-2007:0229", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0229" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0469", "reference_id": "RHSA-2007:0469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0469" }, { "reference_url": "https://usn.ubuntu.com/356-1/", "reference_id": "USN-356-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/356-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/525095?format=api", "purl": "pkg:deb/debian/gdb@7.4.1-1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6134-zwv5-3ffr" }, { "vulnerability": "VCID-rqt3-b4e1-q7hh" }, { "vulnerability": "VCID-sq8v-7zdq-6yhx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdb@7.4.1-1.1" } ], "aliases": [ "CVE-2006-4146" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cfn1-19hx-r3hy" } ], "risk_score": "1.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdb@7.4.1-1.1" }