GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/284849?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/284849?format=api",
    "vulnerability_id": "VCID-vtuk-fnhs-8fek",
    "summary": "Hard-coded credentials were included as part of the application binary. \nThese credentials served as part of the application authentication flow \nand communication with the mobile application. An attacker could access \nunauthorized information.",
    "aliases": [
        {
            "alias": "CVE-2024-45832"
        }
    ],
    "fixed_packages": [],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45832",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "0.00051",
                    "scoring_system": "epss",
                    "scoring_elements": "0.16306",
                    "published_at": "2026-06-05T12:55:00Z"
                },
                {
                    "value": "0.00051",
                    "scoring_system": "epss",
                    "scoring_elements": "0.16252",
                    "published_at": "2026-06-07T12:55:00Z"
                },
                {
                    "value": "0.00051",
                    "scoring_system": "epss",
                    "scoring_elements": "0.16295",
                    "published_at": "2026-06-06T12:55:00Z"
                },
                {
                    "value": "0.00069",
                    "scoring_system": "epss",
                    "scoring_elements": "0.21345",
                    "published_at": "2026-06-09T12:55:00Z"
                },
                {
                    "value": "0.00069",
                    "scoring_system": "epss",
                    "scoring_elements": "0.21336",
                    "published_at": "2026-06-08T12:55:00Z"
                }
            ],
            "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45832"
        },
        {
            "reference_url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-354-01",
            "reference_id": "icsma-24-354-01",
            "reference_type": "",
            "scores": [
                {
                    "value": "4.3",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                },
                {
                    "value": "2",
                    "scoring_system": "cvssv4",
                    "scoring_elements": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:H/SA:N"
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-17T17:49:56Z/"
                }
            ],
            "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-354-01"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 798,
            "name": "Use of Hard-coded Credentials",
            "description": "The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data."
        }
    ],
    "exploits": [],
    "severity_range_score": "2.0 - 4.3",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vtuk-fnhs-8fek"
}