Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/562641?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/562641?format=api", "purl": "pkg:npm/vditor@2.1.4", "type": "npm", "namespace": "", "name": "vditor", "version": "2.1.4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.8.13", "latest_non_vulnerable_version": "3.10.4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44503?format=api", "vulnerability_id": "VCID-a4ch-e314-wfc8", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nVditor is a browser-side Markdown editor. Versions prior to 3.8.7 is vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52405", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52425", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52417", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52356", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32855" }, { "reference_url": "https://github.com/Vanessa219/vditor", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Vanessa219/vditor" }, { "reference_url": "https://github.com/Vanessa219/vditor/commit/1b2382d7f8a4ee509d9245db4450d926a0b24146", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:23Z/" } ], "url": "https://github.com/Vanessa219/vditor/commit/1b2382d7f8a4ee509d9245db4450d926a0b24146" }, { "reference_url": "https://github.com/Vanessa219/vditor/issues/1085", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:23Z/" } ], "url": "https://github.com/Vanessa219/vditor/issues/1085" }, { "reference_url": "https://securitylab.github.com/advisories/GHSL-2021-1006-vditor", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://securitylab.github.com/advisories/GHSL-2021-1006-vditor" }, { "reference_url": "https://securitylab.github.com/advisories/GHSL-2021-1006-vditor/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:23Z/" } ], "url": "https://securitylab.github.com/advisories/GHSL-2021-1006-vditor/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32855", "reference_id": "CVE-2021-32855", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32855" }, { "reference_url": "https://github.com/advisories/GHSA-vfmp-9999-6wqj", "reference_id": "GHSA-vfmp-9999-6wqj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vfmp-9999-6wqj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64028?format=api", "purl": "pkg:npm/vditor@3.8.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bvq3-s9r6-dkdv" }, { "vulnerability": "VCID-dnkm-ry7a-6kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/vditor@3.8.7" } ], "aliases": [ "CVE-2021-32855", "GHSA-vfmp-9999-6wqj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a4ch-e314-wfc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42647?format=api", "vulnerability_id": "VCID-bvq3-s9r6-dkdv", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0341", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33963", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34048", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.3408", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34065", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0341" }, { "reference_url": "https://github.com/vanessa219/vditor", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vanessa219/vditor" }, { "reference_url": "https://github.com/vanessa219/vditor/commit/219f8a9e272aba3cbc0096a82cac776532dbb9e5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vanessa219/vditor/commit/219f8a9e272aba3cbc0096a82cac776532dbb9e5" }, { "reference_url": "https://github.com/Vanessa219/vditor/issues/1102", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Vanessa219/vditor/issues/1102" }, { "reference_url": "https://huntr.dev/bounties/fa546b57-bc15-4705-824e-9474b616f628", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/fa546b57-bc15-4705-824e-9474b616f628" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0341", "reference_id": "CVE-2022-0341", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0341" }, { "reference_url": "https://github.com/advisories/GHSA-pq37-4c4g-v38c", "reference_id": "GHSA-pq37-4c4g-v38c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pq37-4c4g-v38c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/146265?format=api", "purl": "pkg:npm/vditor@3.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bvq3-s9r6-dkdv" }, { "vulnerability": "VCID-dnkm-ry7a-6kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/vditor@3.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/60966?format=api", "purl": "pkg:npm/vditor@3.8.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dnkm-ry7a-6kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/vditor@3.8.12" } ], "aliases": [ "CVE-2022-0341", "GHSA-pq37-4c4g-v38c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bvq3-s9r6-dkdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42813?format=api", "vulnerability_id": "VCID-dnkm-ry7a-6kam", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0350", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36389", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.3635", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36287", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.3638", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0350" }, { "reference_url": "https://github.com/vanessa219/vditor", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vanessa219/vditor" }, { "reference_url": "https://github.com/vanessa219/vditor/commit/e912e36ea98251d700499b1ac7702708d3398476", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vanessa219/vditor/commit/e912e36ea98251d700499b1ac7702708d3398476" }, { "reference_url": "https://huntr.dev/bounties/8202aa06-4b49-45ff-aa0f-00982f62005c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/8202aa06-4b49-45ff-aa0f-00982f62005c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0350", "reference_id": "CVE-2022-0350", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0350" }, { "reference_url": "https://github.com/advisories/GHSA-689x-x68p-fph3", "reference_id": "GHSA-689x-x68p-fph3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-689x-x68p-fph3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61182?format=api", "purl": "pkg:npm/vditor@3.8.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/vditor@3.8.13" } ], "aliases": [ "CVE-2022-0350", "GHSA-689x-x68p-fph3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dnkm-ry7a-6kam" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/vditor@2.1.4" }