VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/943627?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/943627?format=api",
    "purl": "pkg:deb/debian/xpdf@3.02-2?distro=trixie",
    "type": "deb",
    "namespace": "debian",
    "name": "xpdf",
    "version": "3.02-2",
    "qualifiers": {
        "distro": "trixie"
    },
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "3.02-9",
    "latest_non_vulnerable_version": "3.04+git20260220-1",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31238?format=api",
            "vulnerability_id": "VCID-35b2-jj1x-rkcf",
            "summary": "Multiple vulnerabilities have been found in Poppler, some of which\n    may allow execution of arbitrary code.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3604.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3604.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3604",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.07495",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91751",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.07495",
                            "scoring_system": "epss",
                            "scoring_elements": "0.9176",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.07495",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91766",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.07495",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91773",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.07495",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91785",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.07495",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91792",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.07495",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91795",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.07495",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91797",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.07495",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91793",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.07495",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91812",
                            "published_at": "2026-04-26T12:55:00Z"
                        },
                        {
                            "value": "0.07495",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91805",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.07495",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91806",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.07495",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91808",
                            "published_at": "2026-04-29T12:55:00Z"
                        },
                        {
                            "value": "0.07495",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91822",
                            "published_at": "2026-05-05T12:55:00Z"
                        },
                        {
                            "value": "0.07495",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91832",
                            "published_at": "2026-05-07T12:55:00Z"
                        },
                        {
                            "value": "0.07495",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91842",
                            "published_at": "2026-05-09T12:55:00Z"
                        },
                        {
                            "value": "0.07495",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91841",
                            "published_at": "2026-05-11T12:55:00Z"
                        },
                        {
                            "value": "0.07495",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91848",
                            "published_at": "2026-05-12T12:55:00Z"
                        },
                        {
                            "value": "0.07495",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91861",
                            "published_at": "2026-05-14T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3604"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=526911",
                    "reference_id": "526911",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526911"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287",
                    "reference_id": "551287",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289",
                    "reference_id": "551289",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201310-03",
                    "reference_id": "GLSA-201310-03",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201310-03"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:0480",
                    "reference_id": "RHSA-2009:0480",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:0480"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1500",
                    "reference_id": "RHSA-2009:1500",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1500"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1501",
                    "reference_id": "RHSA-2009:1501",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1501"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1502",
                    "reference_id": "RHSA-2009:1502",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1502"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1503",
                    "reference_id": "RHSA-2009:1503",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1503"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1512",
                    "reference_id": "RHSA-2009:1512",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1512"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/850-1/",
                    "reference_id": "USN-850-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/850-1/"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/850-3/",
                    "reference_id": "USN-850-3",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/850-3/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943627?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.02-2?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie"
                }
            ],
            "aliases": [
                "CVE-2009-3604"
            ],
            "risk_score": 0.1,
            "exploitability": "0.5",
            "weighted_severity": "0.1",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-35b2-jj1x-rkcf"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31237?format=api",
            "vulnerability_id": "VCID-6dwz-8kx9-rugr",
            "summary": "Multiple vulnerabilities have been found in Poppler, some of which\n    may allow execution of arbitrary code.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3603.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3603.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3603",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90877",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90882",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90892",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90902",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90913",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.9092",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90928",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90929",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90952",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.9095",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90951",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90963",
                            "published_at": "2026-04-24T12:55:00Z"
                        },
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90962",
                            "published_at": "2026-04-26T12:55:00Z"
                        },
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90959",
                            "published_at": "2026-04-29T12:55:00Z"
                        },
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90975",
                            "published_at": "2026-05-05T12:55:00Z"
                        },
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90991",
                            "published_at": "2026-05-07T12:55:00Z"
                        },
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91005",
                            "published_at": "2026-05-09T12:55:00Z"
                        },
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91004",
                            "published_at": "2026-05-11T12:55:00Z"
                        },
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91013",
                            "published_at": "2026-05-12T12:55:00Z"
                        },
                        {
                            "value": "0.06276",
                            "scoring_system": "epss",
                            "scoring_elements": "0.91023",
                            "published_at": "2026-05-14T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3603"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=526915",
                    "reference_id": "526915",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526915"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287",
                    "reference_id": "551287",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289",
                    "reference_id": "551289",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201310-03",
                    "reference_id": "GLSA-201310-03",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201310-03"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1504",
                    "reference_id": "RHSA-2009:1504",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1504"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/850-1/",
                    "reference_id": "USN-850-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/850-1/"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/850-3/",
                    "reference_id": "USN-850-3",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/850-3/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943627?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.02-2?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie"
                }
            ],
            "aliases": [
                "CVE-2009-3603"
            ],
            "risk_score": 0.1,
            "exploitability": "0.5",
            "weighted_severity": "0.1",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6dwz-8kx9-rugr"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31236?format=api",
            "vulnerability_id": "VCID-uczb-yext-6yfq",
            "summary": "Multiple vulnerabilities have been found in Poppler, some of which\n    may allow execution of arbitrary code.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1188.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1188.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1188",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.21975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95736",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.21975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95745",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.21975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95753",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.21975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95755",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.21975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95764",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.21975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95767",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.21975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95771",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.21975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95772",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.21975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95781",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.21975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95786",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.21975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95787",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.21975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95789",
                            "published_at": "2026-04-26T12:55:00Z"
                        },
                        {
                            "value": "0.21975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95788",
                            "published_at": "2026-04-29T12:55:00Z"
                        },
                        {
                            "value": "0.21975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.958",
                            "published_at": "2026-05-05T12:55:00Z"
                        },
                        {
                            "value": "0.21975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95802",
                            "published_at": "2026-05-07T12:55:00Z"
                        },
                        {
                            "value": "0.21975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95809",
                            "published_at": "2026-05-09T12:55:00Z"
                        },
                        {
                            "value": "0.21975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95814",
                            "published_at": "2026-05-11T12:55:00Z"
                        },
                        {
                            "value": "0.21975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95819",
                            "published_at": "2026-05-12T12:55:00Z"
                        },
                        {
                            "value": "0.21975",
                            "scoring_system": "epss",
                            "scoring_elements": "0.95833",
                            "published_at": "2026-05-14T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1188"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1188",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1188"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=495907",
                    "reference_id": "495907",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=495907"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806",
                    "reference_id": "524806",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575779",
                    "reference_id": "575779",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575779"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201310-03",
                    "reference_id": "GLSA-201310-03",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201310-03"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:0480",
                    "reference_id": "RHSA-2009:0480",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:0480"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1501",
                    "reference_id": "RHSA-2009:1501",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1501"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1502",
                    "reference_id": "RHSA-2009:1502",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1502"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1503",
                    "reference_id": "RHSA-2009:1503",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1503"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1512",
                    "reference_id": "RHSA-2009:1512",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1512"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/759-1/",
                    "reference_id": "USN-759-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/759-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943627?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.02-2?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie"
                }
            ],
            "aliases": [
                "CVE-2009-1188"
            ],
            "risk_score": 0.1,
            "exploitability": "0.5",
            "weighted_severity": "0.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uczb-yext-6yfq"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31242?format=api",
            "vulnerability_id": "VCID-xddx-numk-a7bn",
            "summary": "Multiple vulnerabilities have been found in Poppler, some of which\n    may allow execution of arbitrary code.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3608.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3608.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3608",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.12664",
                            "scoring_system": "epss",
                            "scoring_elements": "0.93944",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.12664",
                            "scoring_system": "epss",
                            "scoring_elements": "0.93953",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.12664",
                            "scoring_system": "epss",
                            "scoring_elements": "0.93962",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.12664",
                            "scoring_system": "epss",
                            "scoring_elements": "0.93964",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.12664",
                            "scoring_system": "epss",
                            "scoring_elements": "0.93973",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.12664",
                            "scoring_system": "epss",
                            "scoring_elements": "0.93976",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.12664",
                            "scoring_system": "epss",
                            "scoring_elements": "0.9398",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.12664",
                            "scoring_system": "epss",
                            "scoring_elements": "0.93995",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.12664",
                            "scoring_system": "epss",
                            "scoring_elements": "0.94",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.12664",
                            "scoring_system": "epss",
                            "scoring_elements": "0.94001",
                            "published_at": "2026-04-29T12:55:00Z"
                        },
                        {
                            "value": "0.12664",
                            "scoring_system": "epss",
                            "scoring_elements": "0.94003",
                            "published_at": "2026-04-24T12:55:00Z"
                        },
                        {
                            "value": "0.12664",
                            "scoring_system": "epss",
                            "scoring_elements": "0.94002",
                            "published_at": "2026-04-26T12:55:00Z"
                        },
                        {
                            "value": "0.12664",
                            "scoring_system": "epss",
                            "scoring_elements": "0.9401",
                            "published_at": "2026-05-05T12:55:00Z"
                        },
                        {
                            "value": "0.12664",
                            "scoring_system": "epss",
                            "scoring_elements": "0.94022",
                            "published_at": "2026-05-07T12:55:00Z"
                        },
                        {
                            "value": "0.12664",
                            "scoring_system": "epss",
                            "scoring_elements": "0.94032",
                            "published_at": "2026-05-09T12:55:00Z"
                        },
                        {
                            "value": "0.12664",
                            "scoring_system": "epss",
                            "scoring_elements": "0.94036",
                            "published_at": "2026-05-11T12:55:00Z"
                        },
                        {
                            "value": "0.12664",
                            "scoring_system": "epss",
                            "scoring_elements": "0.9404",
                            "published_at": "2026-05-12T12:55:00Z"
                        },
                        {
                            "value": "0.12664",
                            "scoring_system": "epss",
                            "scoring_elements": "0.94053",
                            "published_at": "2026-05-14T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3608"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=526637",
                    "reference_id": "526637",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526637"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287",
                    "reference_id": "551287",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289",
                    "reference_id": "551289",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201310-03",
                    "reference_id": "GLSA-201310-03",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201310-03"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1501",
                    "reference_id": "RHSA-2009:1501",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1501"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1502",
                    "reference_id": "RHSA-2009:1502",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1502"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1503",
                    "reference_id": "RHSA-2009:1503",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1503"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1504",
                    "reference_id": "RHSA-2009:1504",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1504"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1512",
                    "reference_id": "RHSA-2009:1512",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1512"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1513",
                    "reference_id": "RHSA-2009:1513",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1513"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2010:0400",
                    "reference_id": "RHSA-2010:0400",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2010:0400"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/850-1/",
                    "reference_id": "USN-850-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/850-1/"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/850-3/",
                    "reference_id": "USN-850-3",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/850-3/"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/973-1/",
                    "reference_id": "USN-973-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/973-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943627?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.02-2?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie"
                }
            ],
            "aliases": [
                "CVE-2009-3608"
            ],
            "risk_score": 0.1,
            "exploitability": "0.5",
            "weighted_severity": "0.1",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xddx-numk-a7bn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31243?format=api",
            "vulnerability_id": "VCID-yu46-ypr2-dfce",
            "summary": "Multiple vulnerabilities have been found in Poppler, some of which\n    may allow execution of arbitrary code.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3609.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3609.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3609",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90645",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.9065",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.9066",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90669",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90679",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90685",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90694",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.9069",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90709",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90707",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90704",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.9072",
                            "published_at": "2026-04-24T12:55:00Z"
                        },
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90721",
                            "published_at": "2026-04-26T12:55:00Z"
                        },
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90717",
                            "published_at": "2026-04-29T12:55:00Z"
                        },
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90732",
                            "published_at": "2026-05-05T12:55:00Z"
                        },
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90751",
                            "published_at": "2026-05-07T12:55:00Z"
                        },
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90763",
                            "published_at": "2026-05-09T12:55:00Z"
                        },
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90761",
                            "published_at": "2026-05-11T12:55:00Z"
                        },
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.9077",
                            "published_at": "2026-05-12T12:55:00Z"
                        },
                        {
                            "value": "0.05999",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90783",
                            "published_at": "2026-05-14T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3609"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=526893",
                    "reference_id": "526893",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526893"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287",
                    "reference_id": "551287",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289",
                    "reference_id": "551289",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201310-03",
                    "reference_id": "GLSA-201310-03",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201310-03"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1500",
                    "reference_id": "RHSA-2009:1500",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1500"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1501",
                    "reference_id": "RHSA-2009:1501",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1501"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1502",
                    "reference_id": "RHSA-2009:1502",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1502"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1503",
                    "reference_id": "RHSA-2009:1503",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1503"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1504",
                    "reference_id": "RHSA-2009:1504",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1504"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1512",
                    "reference_id": "RHSA-2009:1512",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1512"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1513",
                    "reference_id": "RHSA-2009:1513",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1513"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2010:0399",
                    "reference_id": "RHSA-2010:0399",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2010:0399"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2010:0400",
                    "reference_id": "RHSA-2010:0400",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2010:0400"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2010:0401",
                    "reference_id": "RHSA-2010:0401",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2010:0401"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2010:0755",
                    "reference_id": "RHSA-2010:0755",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2010:0755"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/850-1/",
                    "reference_id": "USN-850-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/850-1/"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/850-3/",
                    "reference_id": "USN-850-3",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/850-3/"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/973-1/",
                    "reference_id": "USN-973-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/973-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943627?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.02-2?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie"
                }
            ],
            "aliases": [
                "CVE-2009-3609"
            ],
            "risk_score": 0.1,
            "exploitability": "0.5",
            "weighted_severity": "0.1",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yu46-ypr2-dfce"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31240?format=api",
            "vulnerability_id": "VCID-zr8n-mfu1-4yg4",
            "summary": "Multiple vulnerabilities have been found in Poppler, some of which\n    may allow execution of arbitrary code.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3606.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3606.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3606",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.8942",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89424",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89435",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89437",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89453",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89457",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89465",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89463",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89459",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89474",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89472",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89486",
                            "published_at": "2026-04-24T12:55:00Z"
                        },
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.8949",
                            "published_at": "2026-04-26T12:55:00Z"
                        },
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89491",
                            "published_at": "2026-04-29T12:55:00Z"
                        },
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89498",
                            "published_at": "2026-05-05T12:55:00Z"
                        },
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89517",
                            "published_at": "2026-05-07T12:55:00Z"
                        },
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89532",
                            "published_at": "2026-05-09T12:55:00Z"
                        },
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89527",
                            "published_at": "2026-05-11T12:55:00Z"
                        },
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89537",
                            "published_at": "2026-05-12T12:55:00Z"
                        },
                        {
                            "value": "0.04772",
                            "scoring_system": "epss",
                            "scoring_elements": "0.89556",
                            "published_at": "2026-05-14T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3606"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=526877",
                    "reference_id": "526877",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526877"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287",
                    "reference_id": "551287",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289",
                    "reference_id": "551289",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201310-03",
                    "reference_id": "GLSA-201310-03",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201310-03"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:0458",
                    "reference_id": "RHSA-2009:0458",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:0458"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:0480",
                    "reference_id": "RHSA-2009:0480",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:0480"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1500",
                    "reference_id": "RHSA-2009:1500",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1500"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1501",
                    "reference_id": "RHSA-2009:1501",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1501"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2009:1502",
                    "reference_id": "RHSA-2009:1502",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2009:1502"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/973-1/",
                    "reference_id": "USN-973-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/973-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943627?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.02-2?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api",
                    "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie"
                }
            ],
            "aliases": [
                "CVE-2009-3606"
            ],
            "risk_score": null,
            "exploitability": "0.5",
            "weighted_severity": "0.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zr8n-mfu1-4yg4"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-2%3Fdistro=trixie"
}

Package Instance