Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/5230?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5230?format=api", "vulnerability_id": "VCID-7v89-2sss-hfaz", "summary": "multiple issues", "aliases": [ { "alias": "CVE-2020-13674" }, { "alias": "GHSA-j586-cj67-vg4p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/2217?format=api", "purl": "pkg:alpm/archlinux/drupal@9.2.6-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6xfu-dm97-nkg4" }, { "vulnerability": "VCID-cbgv-19kg-z7a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.6-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60653?format=api", "purl": "pkg:composer/drupal/core@8.9.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/60639?format=api", "purl": "pkg:composer/drupal/core@9.1.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/60640?format=api", "purl": "pkg:composer/drupal/core@9.2.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/2216?format=api", "purl": "pkg:alpm/archlinux/drupal@9.2.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fas-m6vh-myhc" }, { "vulnerability": "VCID-2t34-82p3-73c3" }, { "vulnerability": "VCID-7v89-2sss-hfaz" }, { "vulnerability": "VCID-dav9-pgdh-8yey" }, { "vulnerability": "VCID-dxtv-3ta3-n7fy" }, { "vulnerability": "VCID-gr4h-rkhw-wbac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@9.2.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/52630?format=api", "purl": "pkg:composer/drupal/core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2989-fmjz-nkby" }, { "vulnerability": "VCID-2c5f-q858-huaw" }, { "vulnerability": "VCID-2fas-m6vh-myhc" }, { "vulnerability": "VCID-2t34-82p3-73c3" }, { "vulnerability": "VCID-31qy-vagp-83b6" }, { "vulnerability": "VCID-3pj1-y73r-vyhh" }, { "vulnerability": "VCID-3xk4-qwaq-5yaj" }, { "vulnerability": "VCID-4dpp-gg2v-q3et" }, { "vulnerability": "VCID-4p4c-7rdc-37fa" }, { "vulnerability": "VCID-4pg6-hqge-wkcb" }, { "vulnerability": "VCID-4q59-j6u4-qfhk" }, { "vulnerability": "VCID-56ze-2yw2-bfh8" }, { "vulnerability": "VCID-5c5c-m7ba-kqct" }, { "vulnerability": "VCID-5jy9-mhbb-nuh7" }, { "vulnerability": "VCID-67w7-gq9f-ukf1" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-6s93-1cpz-yyg8" }, { "vulnerability": "VCID-7bq1-m8df-k3ba" }, { "vulnerability": "VCID-7ear-x9pf-yubc" }, { "vulnerability": "VCID-7n7v-41m4-97gk" }, { "vulnerability": "VCID-7v89-2sss-hfaz" }, { "vulnerability": "VCID-8qd6-8ckc-h3g5" }, { "vulnerability": "VCID-9nk8-dban-g7h9" }, { "vulnerability": "VCID-a3s2-c4k2-4ufn" }, { "vulnerability": "VCID-a4u4-ga84-wyf9" }, { "vulnerability": "VCID-a7ss-tkb6-gkge" }, { "vulnerability": "VCID-ah3h-t9qa-gudr" }, { "vulnerability": "VCID-ard5-3cjv-1beu" }, { "vulnerability": "VCID-asm8-guag-b3ep" }, { "vulnerability": "VCID-avmn-kqky-83dd" }, { "vulnerability": "VCID-ay6b-1a7z-qkas" }, { "vulnerability": "VCID-b8fw-ya7y-h7d8" }, { "vulnerability": "VCID-bq2j-t19h-zyad" }, { "vulnerability": "VCID-ckvk-xm4a-2qey" }, { "vulnerability": "VCID-dav9-pgdh-8yey" }, { "vulnerability": "VCID-deks-ns51-nbdg" }, { "vulnerability": "VCID-dhwb-tvs2-vkht" }, { "vulnerability": "VCID-dyhz-g3nv-yuc3" }, { "vulnerability": "VCID-e12q-qavs-qybu" }, { "vulnerability": "VCID-e8un-nbkk-cbf9" }, { "vulnerability": "VCID-edfu-7ege-hkf5" }, { "vulnerability": "VCID-egtv-y9w1-skgr" }, { "vulnerability": "VCID-es39-uyu2-myap" }, { "vulnerability": "VCID-hay8-hvsq-33bm" }, { "vulnerability": "VCID-j7bj-atys-qfg3" }, { "vulnerability": "VCID-jb63-xjup-1khv" }, { "vulnerability": "VCID-jrhg-3271-tqdy" }, { "vulnerability": "VCID-ks17-b29e-73au" }, { "vulnerability": "VCID-kzrs-mrga-nyej" }, { "vulnerability": "VCID-mm13-6dhq-nqfb" }, { "vulnerability": "VCID-myja-t33q-q3cv" }, { "vulnerability": "VCID-n5n3-p5yy-13d9" }, { "vulnerability": "VCID-nacy-y1qt-5yhb" }, { "vulnerability": "VCID-ng6g-hvc2-bkg4" }, { "vulnerability": "VCID-nwdx-mgsc-s3f3" }, { "vulnerability": "VCID-p54u-b18k-jyft" }, { "vulnerability": "VCID-pgnc-fq4m-3kaz" }, { "vulnerability": "VCID-pmmq-8s2m-h7dp" }, { "vulnerability": "VCID-pnme-dc73-efcb" }, { "vulnerability": "VCID-pzp5-2bpz-jfe2" }, { "vulnerability": "VCID-q6zh-decq-bkau" }, { "vulnerability": "VCID-qj1a-e46b-b7fs" }, { "vulnerability": "VCID-qsuc-53pg-zkda" }, { "vulnerability": "VCID-rd4g-h1j9-23cb" }, { "vulnerability": "VCID-rsc6-y1uv-6bfq" }, { "vulnerability": "VCID-t5ya-jzjf-ckh6" }, { "vulnerability": "VCID-t89y-c9hq-9bhk" }, { "vulnerability": "VCID-ta99-gcmk-2qc8" }, { "vulnerability": "VCID-tbhc-6qre-7kc5" }, { "vulnerability": "VCID-tbk2-zprq-27c8" }, { "vulnerability": "VCID-tpzm-u3qp-akc8" }, { "vulnerability": "VCID-ughj-q27r-yfe2" }, { "vulnerability": "VCID-uq9s-79g7-rqh6" }, { "vulnerability": "VCID-uvmv-j9kx-jfeq" }, { "vulnerability": "VCID-w4ks-ufnz-vfav" }, { "vulnerability": "VCID-wapd-e3mu-sffn" }, { "vulnerability": "VCID-wgac-uvfw-8ufm" }, { "vulnerability": "VCID-wsv7-je8g-sqet" }, { "vulnerability": "VCID-wszp-2es5-z7fy" }, { "vulnerability": "VCID-x34m-u169-1bce" }, { "vulnerability": "VCID-y1nb-prqc-suaj" }, { "vulnerability": "VCID-y5mz-1wsc-w3g7" }, { "vulnerability": "VCID-yq4q-hydz-vuga" }, { "vulnerability": "VCID-yygb-pp11-5udj" }, { "vulnerability": "VCID-z2xs-z24v-c3e5" }, { "vulnerability": "VCID-zpeb-7dhc-9kcx" }, { "vulnerability": "VCID-zqer-y4s4-hqhy" }, { "vulnerability": "VCID-zvtm-9bd5-ufgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/60637?format=api", "purl": "pkg:composer/drupal/core@9.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fas-m6vh-myhc" }, { "vulnerability": "VCID-2t34-82p3-73c3" }, { "vulnerability": "VCID-67da-qxh5-aydx" }, { "vulnerability": "VCID-7v89-2sss-hfaz" }, { "vulnerability": "VCID-dav9-pgdh-8yey" }, { "vulnerability": "VCID-pzp5-2bpz-jfe2" }, { "vulnerability": "VCID-tpzm-u3qp-akc8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/60638?format=api", "purl": "pkg:composer/drupal/core@9.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fas-m6vh-myhc" }, { "vulnerability": "VCID-2g67-a42m-qfbh" }, { "vulnerability": "VCID-2t34-82p3-73c3" }, { "vulnerability": "VCID-7v89-2sss-hfaz" }, { "vulnerability": "VCID-dav9-pgdh-8yey" }, { "vulnerability": "VCID-pzp5-2bpz-jfe2" }, { "vulnerability": "VCID-ydy1-x277-1fhj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.0" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.3383", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13674" }, { "reference_url": "https://github.com/drupal/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core" }, { "reference_url": "https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6" }, { "reference_url": "https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c" }, { "reference_url": "https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8" }, { "reference_url": "https://www.drupal.org/sa-core-2021-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2021-007" }, { "reference_url": "https://security.archlinux.org/AVG-2407", "reference_id": "AVG-2407", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2407" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13674", "reference_id": "CVE-2020-13674", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13674" }, { "reference_url": "https://github.com/advisories/GHSA-j586-cj67-vg4p", "reference_id": "GHSA-j586-cj67-vg4p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j586-cj67-vg4p" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 352, "name": "Cross-Site Request Forgery (CSRF)", "description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "4.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7v89-2sss-hfaz" }