Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/922329?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/922329?format=api", "purl": "pkg:deb/debian/firejail@0.9.58.2-2?distro=trixie", "type": "deb", "namespace": "debian", "name": "firejail", "version": "0.9.58.2-2", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.9.62-4", "latest_non_vulnerable_version": "0.9.80-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93944?format=api", "vulnerability_id": "VCID-j4ay-sffd-zbat", "summary": "Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The jail (with the exploit code inside) needs to be started as root, and it also needs to be terminated as root from the host (either by stopping it ungracefully (e.g., SIGKILL), or by using the --shutdown control command). This is similar to CVE-2019-5736.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12499", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01291", "scoring_system": "epss", "scoring_elements": "0.79761", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01291", "scoring_system": "epss", "scoring_elements": "0.79785", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01291", "scoring_system": "epss", "scoring_elements": "0.79802", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.79985", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80014", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80022", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80042", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80026", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.79966", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80046", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80048", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80075", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.8008", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80096", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80018", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.79973", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.79995", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12499" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929733", "reference_id": "929733", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929733" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/922329?format=api", "purl": "pkg:deb/debian/firejail@0.9.58.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firejail@0.9.58.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/922321?format=api", "purl": "pkg:deb/debian/firejail@0.9.64.4-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firejail@0.9.64.4-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/922319?format=api", "purl": "pkg:deb/debian/firejail@0.9.72-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firejail@0.9.72-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/922323?format=api", "purl": "pkg:deb/debian/firejail@0.9.74-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firejail@0.9.74-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/922322?format=api", "purl": "pkg:deb/debian/firejail@0.9.80-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firejail@0.9.80-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-12499" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j4ay-sffd-zbat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93945?format=api", "vulnerability_id": "VCID-wr4q-yy27-7qar", "summary": "In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12589", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22273", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22357", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22435", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23155", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23227", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23278", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.233", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23262", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23204", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23144", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23213", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23174", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.22999", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.22992", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.22988", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23221", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23323", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23366", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12589" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12589", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12589" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929732", "reference_id": "929732", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929732" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/922329?format=api", "purl": "pkg:deb/debian/firejail@0.9.58.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firejail@0.9.58.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/922321?format=api", "purl": "pkg:deb/debian/firejail@0.9.64.4-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firejail@0.9.64.4-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/922319?format=api", "purl": "pkg:deb/debian/firejail@0.9.72-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firejail@0.9.72-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/922323?format=api", "purl": "pkg:deb/debian/firejail@0.9.74-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firejail@0.9.74-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/922322?format=api", "purl": "pkg:deb/debian/firejail@0.9.80-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firejail@0.9.80-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-12589" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wr4q-yy27-7qar" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firejail@0.9.58.2-2%3Fdistro=trixie" }