Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/533061?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/533061?format=api", "purl": "pkg:deb/debian/apr@1.5.2-5", "type": "deb", "namespace": "debian", "name": "apr", "version": "1.5.2-5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.7.2-3+deb12u1", "latest_non_vulnerable_version": "1.7.2-3+deb12u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58712?format=api", "vulnerability_id": "VCID-3yp3-unxa-ubej", "summary": "Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24963.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24963.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24963", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34781", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34842", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34877", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34894", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34858", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34821", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24963", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24963" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465", "reference_id": "2169465", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465" }, { "reference_url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9", "reference_id": "fw9p6sdncwsjkstwc066vz57xqzfksq9", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-27T14:33:34Z/" } ], "url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230908-0008/", "reference_id": "ntap-20230908-0008", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-27T14:33:34Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230908-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4629", "reference_id": "RHSA-2023:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4909", "reference_id": "RHSA-2023:4909", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4909" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4910", "reference_id": "RHSA-2023:4910", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4910" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7711", "reference_id": "RHSA-2023:7711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7711" }, { "reference_url": "https://usn.ubuntu.com/5885-1/", "reference_id": "USN-5885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5885-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/511042?format=api", "purl": "pkg:deb/debian/apr@1.7.0-6%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fbhf-cs4s-vkam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.0-6%252Bdeb11u2" } ], "aliases": [ "CVE-2022-24963" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3yp3-unxa-ubej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3438?format=api", "vulnerability_id": "VCID-kpzd-zunz-gqau", "summary": "information disclosure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35940.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35940.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35940", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21919", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21891", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21939", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2188", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.22001", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21987", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35940" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35940", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35940" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980328", "reference_id": "1980328", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980328" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992789", "reference_id": "992789", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992789" }, { "reference_url": "https://security.archlinux.org/AVG-2313", "reference_id": "AVG-2313", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2313" }, { "reference_url": "https://usn.ubuntu.com/5056-1/", "reference_id": "USN-5056-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5056-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/511042?format=api", "purl": "pkg:deb/debian/apr@1.7.0-6%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fbhf-cs4s-vkam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.0-6%252Bdeb11u2" } ], "aliases": [ "CVE-2021-35940" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kpzd-zunz-gqau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58711?format=api", "vulnerability_id": "VCID-uan4-ejd9-y3cw", "summary": "When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12613.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12613.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12613", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.4841", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48443", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48478", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48459", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48431", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48472", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12613" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:M/C:P/I:N/A:P" }, { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506523", "reference_id": "1506523", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506523" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879708", "reference_id": "879708", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879708" }, { "reference_url": "https://security.archlinux.org/ASA-201710-32", "reference_id": "ASA-201710-32", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-32" }, { "reference_url": "https://security.archlinux.org/AVG-469", "reference_id": "AVG-469", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3270", "reference_id": "RHSA-2017:3270", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3270" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0316", "reference_id": "RHSA-2018:0316", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1253", "reference_id": "RHSA-2018:1253", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1253" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/533062?format=api", "purl": "pkg:deb/debian/apr@1.6.5-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yp3-unxa-ubej" }, { "vulnerability": "VCID-kpzd-zunz-gqau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.6.5-1" } ], "aliases": [ "CVE-2017-12613" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uan4-ejd9-y3cw" } ], "fixing_vulnerabilities": [], "risk_score": "4.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.5.2-5" }