Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/558272?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/558272?format=api", "purl": "pkg:composer/rudloff/alltube@0.7.1", "type": "composer", "namespace": "rudloff", "name": "alltube", "version": "0.7.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.0.3", "latest_non_vulnerable_version": "3.0.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42606?format=api", "vulnerability_id": "VCID-ae46-12tr-ekds", "summary": "Server-Side Request Forgery (SSRF)\nalltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how AllTube is configured). The impact is mitigated by the fact the SSRF attack is only possible when the `stream` option is enabled in the configuration. (This option is disabled by default.) 3.0.3 contains a fix for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24739", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48164", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48194", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48182", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48211", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.4823", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48227", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24739" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/rudloff/alltube/CVE-2022-24739.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/rudloff/alltube/CVE-2022-24739.yaml" }, { "reference_url": "https://github.com/Rudloff/alltube", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Rudloff/alltube" }, { "reference_url": "https://github.com/Rudloff/alltube/commit/3a4f09dda0a466662a4e52cde674749e0c668e8d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:51Z/" } ], "url": "https://github.com/Rudloff/alltube/commit/3a4f09dda0a466662a4e52cde674749e0c668e8d" }, { "reference_url": "https://github.com/Rudloff/alltube/commit/8913f27716400dabf4906a5ad690a5238f73496a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:51Z/" } ], "url": "https://github.com/Rudloff/alltube/commit/8913f27716400dabf4906a5ad690a5238f73496a" }, { "reference_url": "https://github.com/Rudloff/alltube/commit/bc14b6e45c766c05757fb607ef8d444cbbfba71a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:51Z/" } ], "url": "https://github.com/Rudloff/alltube/commit/bc14b6e45c766c05757fb607ef8d444cbbfba71a" }, { "reference_url": "https://github.com/Rudloff/alltube/releases/tag/3.0.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Rudloff/alltube/releases/tag/3.0.3" }, { "reference_url": "https://github.com/ytdl-org/youtube-dl/issues/30691", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ytdl-org/youtube-dl/issues/30691" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24739", "reference_id": "CVE-2022-24739", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24739" }, { "reference_url": "https://github.com/advisories/GHSA-75p7-527p-w8wp", "reference_id": "GHSA-75p7-527p-w8wp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-75p7-527p-w8wp" }, { "reference_url": "https://github.com/Rudloff/alltube/security/advisories/GHSA-75p7-527p-w8wp", "reference_id": "GHSA-75p7-527p-w8wp", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:51Z/" } ], "url": "https://github.com/Rudloff/alltube/security/advisories/GHSA-75p7-527p-w8wp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60926?format=api", "purl": "pkg:composer/rudloff/alltube@3.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/rudloff/alltube@3.0.3" } ], "aliases": [ "CVE-2022-24739", "GHSA-75p7-527p-w8wp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ae46-12tr-ekds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42504?format=api", "vulnerability_id": "VCID-hja3-wkzu-nfc5", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nOpen Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0692", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20834", "scoring_system": "epss", "scoring_elements": "0.95723", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.20834", "scoring_system": "epss", "scoring_elements": "0.95738", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.20834", "scoring_system": "epss", "scoring_elements": "0.95734", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.20834", "scoring_system": "epss", "scoring_elements": "0.95733", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.20834", "scoring_system": "epss", "scoring_elements": "0.95729", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0692" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/rudloff/alltube/CVE-2022-0692.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/rudloff/alltube/CVE-2022-0692.yaml" }, { "reference_url": "https://github.com/Rudloff/alltube", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Rudloff/alltube" }, { "reference_url": "https://github.com/rudloff/alltube/commit/bc14b6e45c766c05757fb607ef8d444cbbfba71a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rudloff/alltube/commit/bc14b6e45c766c05757fb607ef8d444cbbfba71a" }, { "reference_url": "https://huntr.dev/bounties/4fb39400-e08b-47af-8c1f-5093c9a51203", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/4fb39400-e08b-47af-8c1f-5093c9a51203" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0692", "reference_id": "CVE-2022-0692", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0692" }, { "reference_url": "https://github.com/advisories/GHSA-jmhf-9fj8-88gh", "reference_id": "GHSA-jmhf-9fj8-88gh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jmhf-9fj8-88gh" }, { "reference_url": "https://github.com/Rudloff/alltube/security/advisories/GHSA-jmhf-9fj8-88gh", "reference_id": "GHSA-jmhf-9fj8-88gh", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Rudloff/alltube/security/advisories/GHSA-jmhf-9fj8-88gh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60780?format=api", "purl": "pkg:composer/rudloff/alltube@3.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ae46-12tr-ekds" }, { "vulnerability": "VCID-tsca-5c75-vqga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/rudloff/alltube@3.0.1" } ], "aliases": [ "CVE-2022-0692", "GHSA-jmhf-9fj8-88gh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hja3-wkzu-nfc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42549?format=api", "vulnerability_id": "VCID-tsca-5c75-vqga", "summary": "Server-Side Request Forgery (SSRF) in rudloff/alltube\nServer-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00847", "scoring_system": "epss", "scoring_elements": "0.75207", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00847", "scoring_system": "epss", "scoring_elements": "0.75244", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00847", "scoring_system": "epss", "scoring_elements": "0.75218", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00847", "scoring_system": "epss", "scoring_elements": "0.75231", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00847", "scoring_system": "epss", "scoring_elements": "0.75239", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00847", "scoring_system": "epss", "scoring_elements": "0.75237", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0768" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/rudloff/alltube/CVE-2022-0768.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/rudloff/alltube/CVE-2022-0768.yaml" }, { "reference_url": "https://github.com/Rudloff/alltube", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Rudloff/alltube" }, { "reference_url": "https://github.com/rudloff/alltube/commit/148a171b240e7ceb076b9e198bef412de14ac55d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rudloff/alltube/commit/148a171b240e7ceb076b9e198bef412de14ac55d" }, { "reference_url": "https://github.com/Rudloff/alltube/commit/3a4f09dda0a466662a4e52cde674749e0c668e8d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Rudloff/alltube/commit/3a4f09dda0a466662a4e52cde674749e0c668e8d" }, { "reference_url": "https://huntr.dev/bounties/9b14cc46-ec08-4940-83cc-9f986b2a5903", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/9b14cc46-ec08-4940-83cc-9f986b2a5903" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0768", "reference_id": "CVE-2022-0768", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0768" }, { "reference_url": "https://github.com/advisories/GHSA-r5hc-wm3g-hjw6", "reference_id": "GHSA-r5hc-wm3g-hjw6", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r5hc-wm3g-hjw6" }, { "reference_url": "https://github.com/Rudloff/alltube/security/advisories/GHSA-r5hc-wm3g-hjw6", "reference_id": "GHSA-r5hc-wm3g-hjw6", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Rudloff/alltube/security/advisories/GHSA-r5hc-wm3g-hjw6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60835?format=api", "purl": "pkg:composer/rudloff/alltube@3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ae46-12tr-ekds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/rudloff/alltube@3.0.2" } ], "aliases": [ "CVE-2022-0768", "GHSA-r5hc-wm3g-hjw6" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tsca-5c75-vqga" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/rudloff/alltube@0.7.1" }