Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/78515?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/78515?format=api", "purl": "pkg:npm/js-cha3@0.0.0", "type": "npm", "namespace": "", "name": "js-cha3", "version": "0.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53457?format=api", "vulnerability_id": "VCID-z63v-14g1-s7fb", "summary": "Malicious Package\ncontained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Remove the package from your environment. Ensure no Ethereum funds were compromised.", "references": [ { "reference_url": "https://www.npmjs.com/advisories/1281", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1281" }, { "reference_url": "https://github.com/advisories/GHSA-7xf9-74cp-8hx3", "reference_id": "GHSA-7xf9-74cp-8hx3", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7xf9-74cp-8hx3" } ], "fixed_packages": [], "aliases": [ "GHSA-7xf9-74cp-8hx3", "GMS-2020-315" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z63v-14g1-s7fb" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/js-cha3@0.0.0" }