Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/62724?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/62724?format=api", "purl": "pkg:gem/activerecord@6.0.0", "type": "gem", "namespace": "", "name": "activerecord", "version": "6.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.0.5.1", "latest_non_vulnerable_version": "7.0.4.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/198608?format=api", "vulnerability_id": "VCID-2bpy-kbwe-zbg8", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32224", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01897", "scoring_system": "epss", "scoring_elements": "0.83537", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32224" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017" }, { "reference_url": "https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32224", "reference_id": "CVE-2022-32224", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32224" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml", "reference_id": "CVE-2022-32224.YML", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml" }, { "reference_url": "https://github.com/advisories/GHSA-3hhc-qp5v-9p2j", "reference_id": "GHSA-3hhc-qp5v-9p2j", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3hhc-qp5v-9p2j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78509?format=api", "purl": "pkg:gem/activerecord@6.0.5.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/78513?format=api", "purl": "pkg:gem/activerecord@6.1.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/78511?format=api", "purl": "pkg:gem/activerecord@7.0.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.3.1" } ], "aliases": [ "CVE-2022-32224", "GHSA-3hhc-qp5v-9p2j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2bpy-kbwe-zbg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16659?format=api", "vulnerability_id": "VCID-rzeh-ft6v-h7bv", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05757", "scoring_system": "epss", "scoring_elements": "0.90598", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22794" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117", "reference_id": "", "reference_type": "", "scores": [], "url": "https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22794", "reference_id": "CVE-2023-22794", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22794" }, { "reference_url": "https://github.com/advisories/GHSA-hq7p-j377-6v63", "reference_id": "GHSA-hq7p-j377-6v63", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hq7p-j377-6v63" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62726?format=api", "purl": "pkg:gem/activerecord@6.0.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62442?format=api", "purl": "pkg:gem/activerecord@6.1.7.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62443?format=api", "purl": "pkg:gem/activerecord@7.0.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.4.1" } ], "aliases": [ "CVE-2023-22794", "GHSA-hq7p-j377-6v63", "GMS-2023-60" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rzeh-ft6v-h7bv" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.0" }