VulnerableCode.io REST API

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/44629?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44629?format=api",
    "vulnerability_id": "VCID-kjze-72r2-bfd1",
    "summary": "EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'Event' parameter, which is directly interpolated into the SQL query without proper sanitization or validation, allowing attackers to execute arbitrary SQL commands.",
    "aliases": [
        {
            "alias": "CVE-2024-53438"
        }
    ],
    "fixed_packages": [],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53438",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "0.00268",
                    "scoring_system": "epss",
                    "scoring_elements": "0.50563",
                    "published_at": "2026-06-11T12:55:00Z"
                },
                {
                    "value": "0.00268",
                    "scoring_system": "epss",
                    "scoring_elements": "0.50697",
                    "published_at": "2026-06-12T12:55:00Z"
                }
            ],
            "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53438"
        },
        {
            "reference_url": "https://github.com/ChurchCRM/CRM/issues/6988",
            "reference_id": "6988",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Track*",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-27T16:52:30Z/"
                }
            ],
            "url": "https://github.com/ChurchCRM/CRM/issues/6988"
        },
        {
            "reference_url": "https://github.com/advisories/GHSA-gr5x-8j97-qq23",
            "reference_id": "GHSA-gr5x-8j97-qq23",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Track*",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-27T16:52:30Z/"
                }
            ],
            "url": "https://github.com/advisories/GHSA-gr5x-8j97-qq23"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": "9.8 - 9.8",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kjze-72r2-bfd1"
}

Vulnerability Instance