Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/557812?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/557812?format=api", "purl": "pkg:composer/appwrite/server-ce@0.4.0", "type": "composer", "namespace": "appwrite", "name": "server-ce", "version": "0.4.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109108?format=api", "vulnerability_id": "VCID-4ptx-3zht-g7b8", "summary": "Appwrite Vulnerable to Cross-site Scripting\nAppwrite is vulnerable to stored cross-site scripting in usernames, function names, storage bucket names, and database collection names.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2925", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57599", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57638", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.5766", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57651", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2925" }, { "reference_url": "https://drive.google.com/file/d/1JoMQy1KTodVtIVOzH3vKcC3AwZz0PrFb/view?usp=sharing", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://drive.google.com/file/d/1JoMQy1KTodVtIVOzH3vKcC3AwZz0PrFb/view?usp=sharing" }, { "reference_url": "https://github.com/appwrite/appwrite", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/appwrite/appwrite" }, { "reference_url": "https://github.com/appwrite/appwrite/commit/b5b4d92623c13fa8e5c71736db461e81fb7a7ade", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/appwrite/appwrite/commit/b5b4d92623c13fa8e5c71736db461e81fb7a7ade" }, { "reference_url": "https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2925", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2925" }, { "reference_url": "https://github.com/advisories/GHSA-5ffj-mph5-c5hv", "reference_id": "GHSA-5ffj-mph5-c5hv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5ffj-mph5-c5hv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145800?format=api", "purl": "pkg:composer/appwrite/server-ce@1.0.0-RC1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dtju-jew3-3qgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@1.0.0-RC1" }, { "url": "http://public2.vulnerablecode.io/api/packages/504304?format=api", "purl": "pkg:composer/appwrite/server-ce@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dtju-jew3-3qgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@1.0.0" } ], "aliases": [ "CVE-2022-2925", "GHSA-5ffj-mph5-c5hv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ptx-3zht-g7b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44809?format=api", "vulnerability_id": "VCID-dtju-jew3-3qgz", "summary": "Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.", "references": [ { "reference_url": "http://appwrite.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:08:46Z/" } ], "url": "http://appwrite.com" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27159", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.76972", "scoring_system": "epss", "scoring_elements": "0.98981", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.76972", "scoring_system": "epss", "scoring_elements": "0.9898", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.76972", "scoring_system": "epss", "scoring_elements": "0.98983", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27159" }, { "reference_url": "https://gist.github.com/b33t1e/43b26c31e895baf7e7aea2dbf9743a9a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:08:46Z/" } ], "url": "https://gist.github.com/b33t1e/43b26c31e895baf7e7aea2dbf9743a9a" }, { "reference_url": "https://gist.github.com/b33t1e/e9e8192317c111e7897e04d2f9bf5fdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:08:46Z/" } ], "url": "https://gist.github.com/b33t1e/e9e8192317c111e7897e04d2f9bf5fdb" }, { "reference_url": "https://github.com/appwrite/appwrite", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:08:46Z/" } ], "url": "https://github.com/appwrite/appwrite" }, { "reference_url": "https://notes.sjtu.edu.cn/gMNlpByZSDiwrl9uZyHTKA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:08:46Z/" } ], "url": "https://notes.sjtu.edu.cn/gMNlpByZSDiwrl9uZyHTKA" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27159", "reference_id": "CVE-2023-27159", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27159" }, { "reference_url": "https://github.com/advisories/GHSA-hxgx-584x-vwm8", "reference_id": "GHSA-hxgx-584x-vwm8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hxgx-584x-vwm8" } ], "fixed_packages": [], "aliases": [ "CVE-2023-27159", "GHSA-hxgx-584x-vwm8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dtju-jew3-3qgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42437?format=api", "vulnerability_id": "VCID-x7wu-vcge-33g6", "summary": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')\nThis affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23682", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05384", "scoring_system": "epss", "scoring_elements": "0.90277", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05384", "scoring_system": "epss", "scoring_elements": "0.90289", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.05384", "scoring_system": "epss", "scoring_elements": "0.9029", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.05384", "scoring_system": "epss", "scoring_elements": "0.90292", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23682" }, { "reference_url": "https://github.com/appwrite/appwrite/pull/2778", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/appwrite/appwrite/pull/2778" }, { "reference_url": "https://github.com/appwrite/appwrite/releases/tag/0.11.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/appwrite/appwrite/releases/tag/0.11.1" }, { "reference_url": "https://github.com/appwrite/appwrite/releases/tag/0.12.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/appwrite/appwrite/releases/tag/0.12.2" }, { "reference_url": "https://github.com/litespeed-js/litespeed.js/pull/18", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/litespeed-js/litespeed.js/pull/18" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-LITESPEEDJS-2359250", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-LITESPEEDJS-2359250" }, { "reference_url": "https://snyk.io/vuln/SNYK-PHP-APPWRITESERVERCE-2401820", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-PHP-APPWRITESERVERCE-2401820" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23682", "reference_id": "CVE-2021-23682", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23682" }, { "reference_url": "https://github.com/advisories/GHSA-v9p9-535w-4285", "reference_id": "GHSA-v9p9-535w-4285", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v9p9-535w-4285" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60724?format=api", "purl": "pkg:composer/appwrite/server-ce@0.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ptx-3zht-g7b8" }, { "vulnerability": "VCID-dtju-jew3-3qgz" }, { "vulnerability": "VCID-qx2s-2peg-2fa6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@0.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60725?format=api", "purl": "pkg:composer/appwrite/server-ce@0.12.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ptx-3zht-g7b8" }, { "vulnerability": "VCID-dtju-jew3-3qgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@0.12.2" } ], "aliases": [ "CVE-2021-23682", "GHSA-v9p9-535w-4285" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x7wu-vcge-33g6" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@0.4.0" }