Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/619335?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/619335?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.8.15", "type": "maven", "namespace": "cn.hutool", "name": "hutool-json", "version": "5.8.15", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.8.22", "latest_non_vulnerable_version": "5.8.25", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18974?format=api", "vulnerability_id": "VCID-6kpd-gcmc-mycc", "summary": "hutool Buffer Overflow vulnerability\nhutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43354", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43621", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.4359", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43574", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43624", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43558", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43489", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43493", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.4341", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43279", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43572", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43599", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43587", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43602", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42277" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3" }, { "reference_url": "https://github.com/dromara/hutool/issues/3285", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-26T17:43:11Z/" } ], "url": "https://github.com/dromara/hutool/issues/3285" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42277", "reference_id": "CVE-2023-42277", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42277" }, { "reference_url": "https://github.com/advisories/GHSA-7p8c-crfr-q93p", "reference_id": "GHSA-7p8c-crfr-q93p", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7p8c-crfr-q93p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59806?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.8.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.8.22" } ], "aliases": [ "CVE-2023-42277", "GHSA-7p8c-crfr-q93p" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6kpd-gcmc-mycc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18973?format=api", "vulnerability_id": "VCID-nhsq-y1t2-dbge", "summary": "hutool Buffer Overflow vulnerability\nhutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43354", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43621", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.4359", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43574", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43624", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43558", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43489", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43493", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.4341", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43279", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43572", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43599", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43587", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43602", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42276" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/9ba8f9ca5dd32441f2e0f150cb22fa178bb771d3" }, { "reference_url": "https://github.com/dromara/hutool/issues/3286", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-26T17:44:20Z/" } ], "url": "https://github.com/dromara/hutool/issues/3286" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42276", "reference_id": "CVE-2023-42276", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42276" }, { "reference_url": "https://github.com/advisories/GHSA-rxgf-r843-g53h", "reference_id": "GHSA-rxgf-r843-g53h", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rxgf-r843-g53h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59806?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.8.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.8.22" } ], "aliases": [ "CVE-2023-42276", "GHSA-rxgf-r843-g53h" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nhsq-y1t2-dbge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18976?format=api", "vulnerability_id": "VCID-xwj3-1bfz-sbb6", "summary": "hutool Buffer Overflow vulnerability\nhutool v5.8.21 was discovered to contain a buffer overflow via the component `JSONUtil.parse()`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42278", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63097", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63133", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63086", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63131", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63132", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63118", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67292", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.6724", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67263", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67305", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67325", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67312", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67277", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67311", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67324", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42278" }, { "reference_url": "https://github.com/dromara/hutool", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool" }, { "reference_url": "https://github.com/dromara/hutool/commit/5c4486b9f58a83f283868135138f6ff3741b8c12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dromara/hutool/commit/5c4486b9f58a83f283868135138f6ff3741b8c12" }, { "reference_url": "https://github.com/dromara/hutool/issues/3289", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T16:12:52Z/" } ], "url": "https://github.com/dromara/hutool/issues/3289" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42278", "reference_id": "CVE-2023-42278", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42278" }, { "reference_url": "https://github.com/advisories/GHSA-rr66-qh5m-w6mx", "reference_id": "GHSA-rr66-qh5m-w6mx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rr66-qh5m-w6mx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59806?format=api", "purl": "pkg:maven/cn.hutool/hutool-json@5.8.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.8.22" } ], "aliases": [ "CVE-2023-42278", "GHSA-rr66-qh5m-w6mx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xwj3-1bfz-sbb6" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/cn.hutool/hutool-json@5.8.15" }