Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/552165?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/552165?format=api", "purl": "pkg:deb/debian/ganglia@3.6.0-6", "type": "deb", "namespace": "debian", "name": "ganglia", "version": "3.6.0-6", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69748?format=api", "vulnerability_id": "VCID-48dr-798h-w3bd", "summary": "Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6395", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.66205", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.66257", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.66266", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.66249", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.66236", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.66253", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6395" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6395", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6395" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730507", "reference_id": "730507", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730507" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/552165?format=api", "purl": "pkg:deb/debian/ganglia@3.6.0-6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ganglia@3.6.0-6" } ], "aliases": [ "CVE-2013-6395" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-48dr-798h-w3bd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69746?format=api", "vulnerability_id": "VCID-5dqy-3q9d-b7g5", "summary": "Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0275", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53047", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53107", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53115", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53097", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53072", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0275" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700158", "reference_id": "700158", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700158" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700159", "reference_id": "700159", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700159" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/552165?format=api", "purl": "pkg:deb/debian/ganglia@3.6.0-6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ganglia@3.6.0-6" } ], "aliases": [ "CVE-2013-0275" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5dqy-3q9d-b7g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69749?format=api", "vulnerability_id": "VCID-8rfd-3b8g-g3hw", "summary": "ganglia-web before 3.7.1 allows remote attackers to bypass authentication.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-6816", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0211", "scoring_system": "epss", "scoring_elements": "0.84419", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0211", "scoring_system": "epss", "scoring_elements": "0.84443", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0211", "scoring_system": "epss", "scoring_elements": "0.84446", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0211", "scoring_system": "epss", "scoring_elements": "0.84438", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0211", "scoring_system": "epss", "scoring_elements": "0.84427", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0211", "scoring_system": "epss", "scoring_elements": "0.8444", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-6816" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6816", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6816" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798213", "reference_id": "798213", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798213" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/552165?format=api", "purl": "pkg:deb/debian/ganglia@3.6.0-6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ganglia@3.6.0-6" } ], "aliases": [ "CVE-2015-6816" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8rfd-3b8g-g3hw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69747?format=api", "vulnerability_id": "VCID-uauy-8yr4-77bc", "summary": "Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61461", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61508", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61514", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61502", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61486", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61507", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1770" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1770", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1770" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700158", "reference_id": "700158", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700158" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700159", "reference_id": "700159", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700159" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/552165?format=api", "purl": "pkg:deb/debian/ganglia@3.6.0-6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ganglia@3.6.0-6" } ], "aliases": [ "CVE-2013-1770" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uauy-8yr4-77bc" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ganglia@3.6.0-6" }