Look up vulnerabilities affecting packages.

GET /api/vulnerabilities/266535?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266535?format=api",
    "vulnerability_id": "VCID-e73p-589d-7qdm",
    "summary": "Joplin is a free, open-source note-taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin's HTML sanitizer handles comments and how the browser handles comments. This affects both the Rich Text Editor and the Markdown viewer. However, unlike the Rich Text Editor, the Markdown viewer is `cross-origin isolated`, which prevents JavaScript from directly accessing functions/variables in the top-level Joplin `window`. This issue is not present in Joplin 3.1.24 and may have been introduced in `9b50539`. This is an XSS vulnerability that impacts users who open untrusted notes in the Rich Text Editor. This vulnerability has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.",
    "aliases": [
        {
            "alias": "CVE-2025-24028"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/504764?format=api",
            "purl": "pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2?arch=aarch64&distroversion=v3.23&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2%3Farch=aarch64&distroversion=v3.23&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/504765?format=api",
            "purl": "pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2?arch=armhf&distroversion=v3.23&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2%3Farch=armhf&distroversion=v3.23&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/504766?format=api",
            "purl": "pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2?arch=armv7&distroversion=v3.23&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2%3Farch=armv7&distroversion=v3.23&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/504772?format=api",
            "purl": "pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2?arch=x86_64&distroversion=v3.23&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2%3Farch=x86_64&distroversion=v3.23&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/510959?format=api",
            "purl": "pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2?arch=aarch64&distroversion=edge&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2%3Farch=aarch64&distroversion=edge&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/510960?format=api",
            "purl": "pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2?arch=armhf&distroversion=edge&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2%3Farch=armhf&distroversion=edge&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/510961?format=api",
            "purl": "pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2?arch=armv7&distroversion=edge&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2%3Farch=armv7&distroversion=edge&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/510962?format=api",
            "purl": "pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2?arch=loongarch64&distroversion=edge&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2%3Farch=loongarch64&distroversion=edge&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/510963?format=api",
            "purl": "pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2?arch=ppc64le&distroversion=edge&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2%3Farch=ppc64le&distroversion=edge&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/510964?format=api",
            "purl": "pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2?arch=riscv64&distroversion=edge&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2%3Farch=riscv64&distroversion=edge&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/510965?format=api",
            "purl": "pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2?arch=s390x&distroversion=edge&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2%3Farch=s390x&distroversion=edge&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/510966?format=api",
            "purl": "pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2?arch=x86&distroversion=edge&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2%3Farch=x86&distroversion=edge&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/510967?format=api",
            "purl": "pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2?arch=x86_64&distroversion=edge&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2%3Farch=x86_64&distroversion=edge&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/504767?format=api",
            "purl": "pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2?arch=loongarch64&distroversion=v3.23&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2%3Farch=loongarch64&distroversion=v3.23&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/504768?format=api",
            "purl": "pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2?arch=ppc64le&distroversion=v3.23&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2%3Farch=ppc64le&distroversion=v3.23&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/504769?format=api",
            "purl": "pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2?arch=riscv64&distroversion=v3.23&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2%3Farch=riscv64&distroversion=v3.23&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/504770?format=api",
            "purl": "pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2?arch=s390x&distroversion=v3.23&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2%3Farch=s390x&distroversion=v3.23&reponame=community"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/504771?format=api",
            "purl": "pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2?arch=x86&distroversion=v3.23&reponame=community",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.9.3-r2%3Farch=x86&distroversion=v3.23&reponame=community"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24028",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "0.00342",
                    "scoring_system": "epss",
                    "scoring_elements": "0.56831",
                    "published_at": "2026-05-11T12:55:00Z"
                },
                {
                    "value": "0.00342",
                    "scoring_system": "epss",
                    "scoring_elements": "0.56905",
                    "published_at": "2026-04-16T12:55:00Z"
                },
                {
                    "value": "0.00342",
                    "scoring_system": "epss",
                    "scoring_elements": "0.56902",
                    "published_at": "2026-04-18T12:55:00Z"
                },
                {
                    "value": "0.00342",
                    "scoring_system": "epss",
                    "scoring_elements": "0.56818",
                    "published_at": "2026-04-29T12:55:00Z"
                },
                {
                    "value": "0.00342",
                    "scoring_system": "epss",
                    "scoring_elements": "0.56835",
                    "published_at": "2026-04-26T12:55:00Z"
                },
                {
                    "value": "0.00342",
                    "scoring_system": "epss",
                    "scoring_elements": "0.56773",
                    "published_at": "2026-05-05T12:55:00Z"
                },
                {
                    "value": "0.00342",
                    "scoring_system": "epss",
                    "scoring_elements": "0.56819",
                    "published_at": "2026-05-07T12:55:00Z"
                },
                {
                    "value": "0.00342",
                    "scoring_system": "epss",
                    "scoring_elements": "0.5688",
                    "published_at": "2026-05-09T12:55:00Z"
                },
                {
                    "value": "0.00342",
                    "scoring_system": "epss",
                    "scoring_elements": "0.56858",
                    "published_at": "2026-04-02T12:55:00Z"
                },
                {
                    "value": "0.00342",
                    "scoring_system": "epss",
                    "scoring_elements": "0.56879",
                    "published_at": "2026-04-21T12:55:00Z"
                },
                {
                    "value": "0.00342",
                    "scoring_system": "epss",
                    "scoring_elements": "0.56855",
                    "published_at": "2026-05-12T12:55:00Z"
                },
                {
                    "value": "0.00342",
                    "scoring_system": "epss",
                    "scoring_elements": "0.56907",
                    "published_at": "2026-04-08T12:55:00Z"
                },
                {
                    "value": "0.00342",
                    "scoring_system": "epss",
                    "scoring_elements": "0.5691",
                    "published_at": "2026-04-09T12:55:00Z"
                },
                {
                    "value": "0.00342",
                    "scoring_system": "epss",
                    "scoring_elements": "0.56919",
                    "published_at": "2026-05-14T12:55:00Z"
                },
                {
                    "value": "0.00342",
                    "scoring_system": "epss",
                    "scoring_elements": "0.56899",
                    "published_at": "2026-04-12T12:55:00Z"
                },
                {
                    "value": "0.00342",
                    "scoring_system": "epss",
                    "scoring_elements": "0.56876",
                    "published_at": "2026-04-13T12:55:00Z"
                }
            ],
            "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24028"
        },
        {
            "reference_url": "https://github.com/laurent22/joplin/commit/2a058ed8097c2502e152b26394dc1917897f5817",
            "reference_id": "2a058ed8097c2502e152b26394dc1917897f5817",
            "reference_type": "",
            "scores": [
                {
                    "value": "7.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:17:07Z/"
                }
            ],
            "url": "https://github.com/laurent22/joplin/commit/2a058ed8097c2502e152b26394dc1917897f5817"
        },
        {
            "reference_url": "https://github.com/laurent22/joplin/commit/9b505395918bc923f34fe6f3b960bb10e8cf234e",
            "reference_id": "9b505395918bc923f34fe6f3b960bb10e8cf234e",
            "reference_type": "",
            "scores": [
                {
                    "value": "7.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:17:07Z/"
                }
            ],
            "url": "https://github.com/laurent22/joplin/commit/9b505395918bc923f34fe6f3b960bb10e8cf234e"
        },
        {
            "reference_url": "https://github.com/laurent22/joplin/security/advisories/GHSA-5w3c-wph9-hq92",
            "reference_id": "GHSA-5w3c-wph9-hq92",
            "reference_type": "",
            "scores": [
                {
                    "value": "7.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:17:07Z/"
                }
            ],
            "url": "https://github.com/laurent22/joplin/security/advisories/GHSA-5w3c-wph9-hq92"
        },
        {
            "reference_url": "https://joplinapp.org/help/dev/spec/note_viewer_isolation",
            "reference_id": "note_viewer_isolation",
            "reference_type": "",
            "scores": [
                {
                    "value": "7.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T17:17:07Z/"
                }
            ],
            "url": "https://joplinapp.org/help/dev/spec/note_viewer_isolation"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 79,
            "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
            "description": "The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."
        }
    ],
    "exploits": [],
    "severity_range_score": "7.8 - 7.8",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e73p-589d-7qdm"
}