Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/939156?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/939156?format=api", "purl": "pkg:gem/spree_api@2.0.1", "type": "gem", "namespace": "", "name": "spree_api", "version": "2.0.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.10.3", "latest_non_vulnerable_version": "5.3.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83592?format=api", "vulnerability_id": "VCID-2acx-2afs-pqb7", "summary": "Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Authenticated Insecure Direct Object Reference (IDOR) vulnerability was identified that allows an authenticated user to retrieve other users’ address information by modifying an existing order. By editing an order they legitimately own and manipulating address identifiers in the request, the backend server accepts and processes references to addresses belonging to other users, subsequently associating those addresses with the attacker’s order and returning them in the response. This issue has been patched in versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22588", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01013", "published_at": "2026-06-13T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01017", "published_at": "2026-06-14T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01007", "published_at": "2026-06-12T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01009", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22588" }, { "reference_url": "https://github.com/spree/spree", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spree/spree" }, { "reference_url": "https://github.com/spree/spree/commit/02acabdce2c5f14fd687335b068d901a957a7e72", "reference_id": "02acabdce2c5f14fd687335b068d901a957a7e72", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T21:08:29Z/" } ], "url": "https://github.com/spree/spree/commit/02acabdce2c5f14fd687335b068d901a957a7e72" }, { "reference_url": "https://github.com/spree/spree/commit/17e78a91b736b49dbea8d1bb1223c284383ee5f3", "reference_id": "17e78a91b736b49dbea8d1bb1223c284383ee5f3", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T21:08:29Z/" } ], "url": "https://github.com/spree/spree/commit/17e78a91b736b49dbea8d1bb1223c284383ee5f3" }, { "reference_url": "https://github.com/spree/spree/commit/b409c0fd327e7ce37f63238894670d07079eefe8", "reference_id": "b409c0fd327e7ce37f63238894670d07079eefe8", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T21:08:29Z/" } ], "url": "https://github.com/spree/spree/commit/b409c0fd327e7ce37f63238894670d07079eefe8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22588", "reference_id": "CVE-2026-22588", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22588" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/spree_api/CVE-2026-22588.yml", "reference_id": "CVE-2026-22588.YML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/spree_api/CVE-2026-22588.yml" }, { "reference_url": "https://github.com/spree/spree/commit/d3f961c442e0015661535cbd6eb22475f76d2dc7", "reference_id": "d3f961c442e0015661535cbd6eb22475f76d2dc7", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T21:08:29Z/" } ], "url": "https://github.com/spree/spree/commit/d3f961c442e0015661535cbd6eb22475f76d2dc7" }, { "reference_url": "https://github.com/advisories/GHSA-g268-72p7-9j6j", "reference_id": "GHSA-g268-72p7-9j6j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g268-72p7-9j6j" }, { "reference_url": "https://github.com/spree/spree/security/advisories/GHSA-g268-72p7-9j6j", "reference_id": "GHSA-g268-72p7-9j6j", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T21:08:29Z/" } ], "url": "https://github.com/spree/spree/security/advisories/GHSA-g268-72p7-9j6j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36696?format=api", "purl": "pkg:gem/spree_api@4.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cyw4-uvae-bfhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@4.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/905598?format=api", "purl": "pkg:gem/spree_api@5.0.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2acx-2afs-pqb7" }, { "vulnerability": "VCID-cyw4-uvae-bfhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.0.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/36707?format=api", "purl": "pkg:gem/spree_api@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cyw4-uvae-bfhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/905605?format=api", "purl": "pkg:gem/spree_api@5.1.0.beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2acx-2afs-pqb7" }, { "vulnerability": "VCID-cyw4-uvae-bfhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.1.0.beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/36700?format=api", "purl": "pkg:gem/spree_api@5.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cyw4-uvae-bfhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/905614?format=api", "purl": "pkg:gem/spree_api@5.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2acx-2afs-pqb7" }, { "vulnerability": "VCID-cyw4-uvae-bfhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/36710?format=api", "purl": "pkg:gem/spree_api@5.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cyw4-uvae-bfhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.2.5" } ], "aliases": [ "CVE-2026-22588", "GHSA-g268-72p7-9j6j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2acx-2afs-pqb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65821?format=api", "vulnerability_id": "VCID-cyw4-uvae-bfhu", "summary": "Spree is an open source e-commerce solution built with Ruby on Rails. A critical IDOR vulnerability exists in Spree Commerce's guest checkout flow that allows any guest user to bind arbitrary guest addresses to their order by manipulating address ID parameters. This enables unauthorized access to other guests' personally identifiable information (PII) including names, addresses and phone numbers. The vulnerability bypasses existing ownership validation checks and affects all guest checkout transactions. This vulnerability is fixed in 4.10.3, 5.0.8, 5.1.10, 5.2.7, and 5.3.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25758", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11512", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11543", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11551", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11474", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25758" }, { "reference_url": "https://github.com/spree/spree", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spree/spree" }, { "reference_url": "https://github.com/spree/spree/commit/15619618e43b367617ec8d2d4aafc5e54fa7b734", "reference_id": "15619618e43b367617ec8d2d4aafc5e54fa7b734", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/commit/15619618e43b367617ec8d2d4aafc5e54fa7b734" }, { "reference_url": "https://github.com/spree/spree/commit/29282d1565ba4f7bc2bbc47d550e2c0c6d0ae59f", "reference_id": "29282d1565ba4f7bc2bbc47d550e2c0c6d0ae59f", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/commit/29282d1565ba4f7bc2bbc47d550e2c0c6d0ae59f" }, { "reference_url": "https://github.com/spree/spree/commit/6650f96356faa0d16c05bcb516f1ffd5641741b8", "reference_id": "6650f96356faa0d16c05bcb516f1ffd5641741b8", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/commit/6650f96356faa0d16c05bcb516f1ffd5641741b8" }, { "reference_url": "https://github.com/spree/spree/commit/902d301ac83fd2047db1b9a3a99545162860f748", "reference_id": "902d301ac83fd2047db1b9a3a99545162860f748", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/commit/902d301ac83fd2047db1b9a3a99545162860f748" }, { "reference_url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/core/app/models/spree/order/address_book.rb#L16-L38", "reference_id": "address_book.rb#L16-L38", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/core/app/models/spree/order/address_book.rb#L16-L38" }, { "reference_url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/core/app/models/spree/order/checkout.rb#L241-L254", "reference_id": "checkout.rb#L241-L254", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/core/app/models/spree/order/checkout.rb#L241-L254" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25758", "reference_id": "CVE-2026-25758", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25758" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/spree_api/CVE-2026-25758.yml", "reference_id": "CVE-2026-25758.YML", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/spree_api/CVE-2026-25758.yml" }, { "reference_url": "https://github.com/spree/spree/commit/ff7cfcfcfe0c40c60d03317e1d0ee361c6a6b054", "reference_id": "ff7cfcfcfe0c40c60d03317e1d0ee361c6a6b054", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/commit/ff7cfcfcfe0c40c60d03317e1d0ee361c6a6b054" }, { "reference_url": "https://github.com/advisories/GHSA-87fh-rc96-6fr6", "reference_id": "GHSA-87fh-rc96-6fr6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-87fh-rc96-6fr6" }, { "reference_url": "https://github.com/spree/spree/security/advisories/GHSA-87fh-rc96-6fr6", "reference_id": "GHSA-87fh-rc96-6fr6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/security/advisories/GHSA-87fh-rc96-6fr6" }, { "reference_url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/core/lib/spree/permitted_attributes.rb#L92-L96", "reference_id": "permitted_attributes.rb#L92-L96", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/core/lib/spree/permitted_attributes.rb#L92-L96" }, { "reference_url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/core/app/services/spree/checkout/update.rb#L33-L48", "reference_id": "update.rb#L33-L48", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:21:54Z/" } ], "url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/core/app/services/spree/checkout/update.rb#L33-L48" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38824?format=api", "purl": "pkg:gem/spree_api@4.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@4.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/905598?format=api", "purl": "pkg:gem/spree_api@5.0.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2acx-2afs-pqb7" }, { "vulnerability": "VCID-cyw4-uvae-bfhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.0.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/38835?format=api", "purl": "pkg:gem/spree_api@5.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/905605?format=api", "purl": "pkg:gem/spree_api@5.1.0.beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2acx-2afs-pqb7" }, { "vulnerability": "VCID-cyw4-uvae-bfhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.1.0.beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/38819?format=api", "purl": "pkg:gem/spree_api@5.1.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/905614?format=api", "purl": "pkg:gem/spree_api@5.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2acx-2afs-pqb7" }, { "vulnerability": "VCID-cyw4-uvae-bfhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/38829?format=api", "purl": "pkg:gem/spree_api@5.2.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/939307?format=api", "purl": "pkg:gem/spree_api@5.3.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cyw4-uvae-bfhu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.3.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/38834?format=api", "purl": "pkg:gem/spree_api@5.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@5.3.2" } ], "aliases": [ "CVE-2026-25758", "GHSA-87fh-rc96-6fr6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cyw4-uvae-bfhu" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_api@2.0.1" }