GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/90801?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90801?format=api",
    "vulnerability_id": "VCID-we2k-stgm-7uh7",
    "summary": "Terraform Provider for ArgoCD has possible exposure to GO-2026-4337 / CVE-2025-68121\n### Summary\nThe terraform-provider-argocd might have been vulnerable to GO-2026-4337 / CVE-2025-68121 (\"Unexpected session resumption in crypto/tls\").\n\n### Details\n\nSee https://pkg.go.dev/vuln/GO-2026-4337 for the upstream vulnerability.\n\nProvider versions starting with `v7.15.1` are using `go 1.25.8` for building and are thus no longer affected.",
    "aliases": [
        {
            "alias": "GHSA-594f-3595-c47v"
        }
    ],
    "fixed_packages": [],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://github.com/argoproj-labs/terraform-provider-argocd",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "4.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                },
                {
                    "value": "MODERATE",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/argoproj-labs/terraform-provider-argocd"
        },
        {
            "reference_url": "https://github.com/argoproj-labs/terraform-provider-argocd/commit/b3364f3f32e70f1563c5f3162d370db704430294",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "4.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                },
                {
                    "value": "MODERATE",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/argoproj-labs/terraform-provider-argocd/commit/b3364f3f32e70f1563c5f3162d370db704430294"
        },
        {
            "reference_url": "https://github.com/argoproj-labs/terraform-provider-argocd/security/advisories/GHSA-594f-3595-c47v",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "4.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                },
                {
                    "value": "MODERATE",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/argoproj-labs/terraform-provider-argocd/security/advisories/GHSA-594f-3595-c47v"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 1395,
            "name": "Dependency on Vulnerable Third-Party Component",
            "description": "The product has a dependency on a third-party component that contains one or more known vulnerabilities."
        },
        {
            "cwe_id": 295,
            "name": "Improper Certificate Validation",
            "description": "The product does not validate, or incorrectly validates, a certificate."
        }
    ],
    "exploits": [],
    "severity_range_score": "4.0 - 6.9",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-we2k-stgm-7uh7"
}