Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/86095?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/86095?format=api", "purl": "pkg:mozilla/Thunderbird@128.9.2", "type": "mozilla", "namespace": "", "name": "Thunderbird", "version": "128.9.2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "128.10.0", "latest_non_vulnerable_version": "150.0.2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62936?format=api", "vulnerability_id": "VCID-rfve-tkv7-13dv", "summary": "Thunderbird processes the X-Mozilla-External-Attachment-URL header\nto handle attachments which can be hosted externally. When an\nemail is opened, Thunderbird accesses the specified URL to \ndetermine file size, and navigates to it when the user clicks the\nattachment. Because the URL is not validated or sanitized, it can\nreference internal resources like chrome:// or SMB share file:// links,\npotentially leading to hashed Windows credential leakage and opening the\ndoor to more serious security issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3522.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3522.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3522", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45662", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45892", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45837", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45764", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45774", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45715", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45611", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45674", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45693", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45636", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45824", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45846", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45796", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45853", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.4585", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45872", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45842", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45845", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45898", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3522" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359793", "reference_id": "2359793", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359793" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-26", "reference_id": "mfsa2025-26", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-26" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-26/", "reference_id": "mfsa2025-26", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-26/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-27", "reference_id": "mfsa2025-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-27" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-27/", "reference_id": "mfsa2025-27", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-27/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4229", "reference_id": "RHSA-2025:4229", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4229" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4389", "reference_id": "RHSA-2025:4389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4512", "reference_id": "RHSA-2025:4512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4513", "reference_id": "RHSA-2025:4513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4514", "reference_id": "RHSA-2025:4514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4617", "reference_id": "RHSA-2025:4617", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4617" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4649", "reference_id": "RHSA-2025:4649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4654", "reference_id": "RHSA-2025:4654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4665", "reference_id": "RHSA-2025:4665", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4665" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7435", "reference_id": "RHSA-2025:7435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7507", "reference_id": "RHSA-2025:7507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7507" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1955372", "reference_id": "show_bug.cgi?id=1955372", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1955372" }, { "reference_url": "https://usn.ubuntu.com/7663-1/", "reference_id": "USN-7663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86095?format=api", "purl": "pkg:mozilla/Thunderbird@128.9.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@128.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/86058?format=api", "purl": "pkg:mozilla/Thunderbird@137.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@137.0.2" } ], "aliases": [ "CVE-2025-3522" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rfve-tkv7-13dv" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@128.9.2" }