Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/537326?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/537326?format=api", "purl": "pkg:maven/org.opencrx/opencrx-client@4.3-alpha-1", "type": "maven", "namespace": "org.opencrx", "name": "opencrx-client", "version": "4.3-alpha-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.3.0", "latest_non_vulnerable_version": "5.3.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/108827?format=api", "vulnerability_id": "VCID-q8ya-v567-wyf7", "summary": "OpenCRX vulnerable to password enumeration via error messages in password reset\nOpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40084", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46242", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46207", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46222", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46172", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.4624", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46195", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40084" }, { "reference_url": "https://cwe.mitre.org/data/definitions/204.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwe.mitre.org/data/definitions/204.html" }, { "reference_url": "https://github.com/ciph0x01/OpenCRX-CVE/blob/main/CVE-2022-40084.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:49:12Z/" } ], "url": "https://github.com/ciph0x01/OpenCRX-CVE/blob/main/CVE-2022-40084.md" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40084", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40084" }, { "reference_url": "https://cwe.mitre.org/data/definitions/204.html#:~:text=User%20enumeration%20via%20discrepancies%20in%20error%20messages.%2C-CVE-2004-0294&text=Bulletin%20Board%20displays%20different%20error%2Cbrute%20force%20password%20guessing%20attack.", "reference_id": "204.html#:~:text=User%20enumeration%20via%20discrepancies%20in%20error%20messages.%2C-CVE-2004-0294&text=Bulletin%20Board%20displays%20different%20error%2Cbrute%20force%20password%20guessing%20attack.", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:49:12Z/" } ], "url": "https://cwe.mitre.org/data/definitions/204.html#:~:text=User%20enumeration%20via%20discrepancies%20in%20error%20messages.%2C-CVE-2004-0294&text=Bulletin%20Board%20displays%20different%20error%2Cbrute%20force%20password%20guessing%20attack." }, { "reference_url": "https://github.com/advisories/GHSA-j5v3-363p-g843", "reference_id": "GHSA-j5v3-363p-g843", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j5v3-363p-g843" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/144944?format=api", "purl": "pkg:maven/org.opencrx/opencrx-client@5.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-x8j9-8jej-n3em" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.opencrx/opencrx-client@5.2.2" } ], "aliases": [ "CVE-2022-40084", "GHSA-j5v3-363p-g843" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q8ya-v567-wyf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46311?format=api", "vulnerability_id": "VCID-x8j9-8jej-n3em", "summary": "Improper Restriction of XML External Entity Reference\nAn issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46502", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62494", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62492", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62493", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62502", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62478", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46502" }, { "reference_url": "https://gist.github.com/spookhorror/9519fc66d3946e887e4a86c06ddbee0e", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-09T20:13:34Z/" } ], "url": "https://gist.github.com/spookhorror/9519fc66d3946e887e4a86c06ddbee0e" }, { "reference_url": "https://github.com/opencrx/opencrx", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencrx/opencrx" }, { "reference_url": "https://github.com/opencrx/opencrx/commit/ce7a71db0bb34ecbcb0e822d40598e410a48b399", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-09T20:13:34Z/" } ], "url": "https://github.com/opencrx/opencrx/commit/ce7a71db0bb34ecbcb0e822d40598e410a48b399" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46502", "reference_id": "CVE-2023-46502", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46502" }, { "reference_url": "https://github.com/advisories/GHSA-q74f-rf27-8hxc", "reference_id": "GHSA-q74f-rf27-8hxc", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q74f-rf27-8hxc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67586?format=api", "purl": "pkg:maven/org.opencrx/opencrx-client@5.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.opencrx/opencrx-client@5.3.0" } ], "aliases": [ "CVE-2023-46502", "GHSA-q74f-rf27-8hxc" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x8j9-8jej-n3em" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41517?format=api", "vulnerability_id": "VCID-yesb-u6ap-rygk", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIn OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25959", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60799", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60758", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60807", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60814", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60802", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60785", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25959" }, { "reference_url": "https://github.com/opencrx/opencrx", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencrx/opencrx" }, { "reference_url": "https://github.com/opencrx/opencrx/commit/14e75f95e5f56fbe7ee897bdf5d858788072e818", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencrx/opencrx/commit/14e75f95e5f56fbe7ee897bdf5d858788072e818" }, { "reference_url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25959", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25959" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25959", "reference_id": "CVE-2021-25959", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25959" }, { "reference_url": "https://github.com/advisories/GHSA-rwh9-8xx8-4wfm", "reference_id": "GHSA-rwh9-8xx8-4wfm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rwh9-8xx8-4wfm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59181?format=api", "purl": "pkg:maven/org.opencrx/opencrx-client@5.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ya-v567-wyf7" }, { "vulnerability": "VCID-x8j9-8jej-n3em" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.opencrx/opencrx-client@5.2.0" } ], "aliases": [ "CVE-2021-25959", "GHSA-rwh9-8xx8-4wfm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yesb-u6ap-rygk" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.opencrx/opencrx-client@4.3-alpha-1" }