Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/56148?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/56148?format=api", "purl": "pkg:pypi/plone@4.1a0", "type": "pypi", "namespace": "", "name": "plone", "version": "4.1a0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.0.6", "latest_non_vulnerable_version": "6.0.7", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34733?format=api", "vulnerability_id": "VCID-3buw-zes9-ukg4", "summary": "Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.", "references": [ { "reference_url": "http://osvdb.org/72728", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/72728" }, { "reference_url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949", "reference_id": "", "reference_type": "", "scores": [], "url": "http://plone.org/products/plone/security/advisories/CVE-2011-1949" }, { "reference_url": "http://secunia.com/advisories/44775", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/44775" }, { "reference_url": "http://secunia.com/advisories/44776", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/44776" }, { "reference_url": "http://securityreason.com/securityalert/8269", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securityreason.com/securityalert/8269" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67694", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67694" }, { "reference_url": "https://github.com/advisories/GHSA-h6hq-c896-w882", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h6hq-c896-w882" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-15.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-15.yaml" }, { "reference_url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/518155/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/48005", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/48005" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1949", "reference_id": "CVE-2011-1949", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1949" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" } ], "aliases": [ "CVE-2011-1949", "GHSA-h6hq-c896-w882", "PYSEC-2011-15" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3buw-zes9-ukg4" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1a0" }