Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/978485?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/978485?format=api", "purl": "pkg:npm/%40powersync/service-sync-rules@0.0.0-dev-20241007120318", "type": "npm", "namespace": "@powersync", "name": "service-sync-rules", "version": "0.0.0-dev-20241007120318", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.17.10", "latest_non_vulnerable_version": "0.33.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50750?format=api", "vulnerability_id": "VCID-1152-dmqv-akh4", "summary": "PowerSync: Some sync filters ignored on 1.20.0 using `config.edition: 3`\nIn version **1.20.0**, when using new sync streams with `config.edition: 3`, certain subquery filters were ignored when determining which data to sync to users.\n\nDepending on the sync stream configuration, this could result in authenticated users syncing data that should have been restricted.\n\nOnly queries that gate synchronization using subqueries without partitioning the result set are affected.\n\nNot affected:\n* Sync rules (bucket_definitions)\n* Sync streams using `config.edition: 2`\n* No data is exposed without authenticating", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30870", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13225", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13111", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13186", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13222", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30870" }, { "reference_url": "https://github.com/powersync-ja/powersync-service", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/powersync-ja/powersync-service" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30870", "reference_id": "CVE-2026-30870", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30870" }, { "reference_url": "https://github.com/advisories/GHSA-q6wc-xx4m-92fj", "reference_id": "GHSA-q6wc-xx4m-92fj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q6wc-xx4m-92fj" }, { "reference_url": "https://github.com/powersync-ja/powersync-service/security/advisories/GHSA-q6wc-xx4m-92fj", "reference_id": "GHSA-q6wc-xx4m-92fj", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T14:14:10Z/" } ], "url": "https://github.com/powersync-ja/powersync-service/security/advisories/GHSA-q6wc-xx4m-92fj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/978584?format=api", "purl": "pkg:npm/%40powersync/service-sync-rules@0.17.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540powersync/service-sync-rules@0.17.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/74541?format=api", "purl": "pkg:npm/%40powersync/service-sync-rules@0.33.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540powersync/service-sync-rules@0.33.0" } ], "aliases": [ "CVE-2026-30870", "GHSA-q6wc-xx4m-92fj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1152-dmqv-akh4" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540powersync/service-sync-rules@0.0.0-dev-20241007120318" }