Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/95864?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95864?format=api", "vulnerability_id": "VCID-95mh-919w-43as", "summary": "security update", "aliases": [ { "alias": "CVE-2023-52076" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052152?format=api", "purl": "pkg:deb/debian/atril@1.24.0-1%2Bdeb11u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.24.0-1%252Bdeb11u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/583794?format=api", "purl": "pkg:deb/debian/atril@1.24.0-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.24.0-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583795?format=api", "purl": "pkg:deb/debian/atril@1.26.0-2%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.26.0-2%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/585380?format=api", "purl": "pkg:deb/debian/atril@1.26.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.26.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583796?format=api", "purl": "pkg:deb/debian/atril@1.26.2-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.26.2-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583797?format=api", "purl": "pkg:deb/debian/atril@1.28.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.28.2-1%3Fdistro=trixie" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036500?format=api", "purl": "pkg:deb/debian/atril@1.8.0%2Bdfsg1-2~bpo70%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19yj-kyhq-c7cc" }, { "vulnerability": "VCID-8ern-kbeb-j3e2" }, { "vulnerability": "VCID-95mh-919w-43as" }, { "vulnerability": "VCID-p3a2-3n7h-gugk" }, { "vulnerability": "VCID-uvmx-ktr5-jkg2" }, { "vulnerability": "VCID-v24q-8eqq-17ak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.8.0%252Bdfsg1-2~bpo70%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036501?format=api", "purl": "pkg:deb/debian/atril@1.8.1%2Bdfsg1-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19yj-kyhq-c7cc" }, { "vulnerability": "VCID-8ern-kbeb-j3e2" }, { "vulnerability": "VCID-95mh-919w-43as" }, { "vulnerability": "VCID-p3a2-3n7h-gugk" }, { "vulnerability": "VCID-uvmx-ktr5-jkg2" }, { "vulnerability": "VCID-v24q-8eqq-17ak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.8.1%252Bdfsg1-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036502?format=api", "purl": "pkg:deb/debian/atril@1.8.1%2Bdfsg1-4%2Bdeb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19yj-kyhq-c7cc" }, { "vulnerability": "VCID-8ern-kbeb-j3e2" }, { "vulnerability": "VCID-95mh-919w-43as" }, { "vulnerability": "VCID-p3a2-3n7h-gugk" }, { "vulnerability": "VCID-uvmx-ktr5-jkg2" }, { "vulnerability": "VCID-v24q-8eqq-17ak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.8.1%252Bdfsg1-4%252Bdeb8u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037667?format=api", "purl": "pkg:deb/debian/atril@1.16.1-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19yj-kyhq-c7cc" }, { "vulnerability": "VCID-8ern-kbeb-j3e2" }, { "vulnerability": "VCID-95mh-919w-43as" }, { "vulnerability": "VCID-p3a2-3n7h-gugk" }, { "vulnerability": "VCID-uvmx-ktr5-jkg2" }, { "vulnerability": "VCID-v24q-8eqq-17ak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.16.1-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052151?format=api", "purl": "pkg:deb/debian/atril@1.20.3-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8ern-kbeb-j3e2" }, { "vulnerability": "VCID-95mh-919w-43as" }, { "vulnerability": "VCID-p3a2-3n7h-gugk" }, { "vulnerability": "VCID-v24q-8eqq-17ak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.20.3-1%252Bdeb10u1" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-52076", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11348", "scoring_system": "epss", "scoring_elements": "0.93521", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11348", "scoring_system": "epss", "scoring_elements": "0.93528", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11348", "scoring_system": "epss", "scoring_elements": "0.93536", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11348", "scoring_system": "epss", "scoring_elements": "0.93539", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11348", "scoring_system": "epss", "scoring_elements": "0.93545", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11348", "scoring_system": "epss", "scoring_elements": "0.93565", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11348", "scoring_system": "epss", "scoring_elements": "0.9357", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.11348", "scoring_system": "epss", "scoring_elements": "0.93576", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.11348", "scoring_system": "epss", "scoring_elements": "0.93581", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.11348", "scoring_system": "epss", "scoring_elements": "0.93579", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.11348", "scoring_system": "epss", "scoring_elements": "0.93577", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.11348", "scoring_system": "epss", "scoring_elements": "0.93585", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.11758", "scoring_system": "epss", "scoring_elements": "0.9376", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.11758", "scoring_system": "epss", "scoring_elements": "0.93764", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.11758", "scoring_system": "epss", "scoring_elements": "0.93777", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.11758", "scoring_system": "epss", "scoring_elements": "0.93748", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.11758", "scoring_system": "epss", "scoring_elements": "0.93757", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-52076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52076" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061522", "reference_id": "1061522", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061522" }, { "reference_url": "https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50", "reference_id": "e70b21c815418a1e6ebedf6d8d31b8477c03ba50", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-01-25T20:55:51Z/" } ], "url": "https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50" }, { "reference_url": "https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37", "reference_id": "GHSA-6mf6-mxpc-jc37", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-01-25T20:55:51Z/" } ], "url": "https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00003.html", "reference_id": "msg00003.html", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-01-25T20:55:51Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00003.html" }, { "reference_url": "https://usn.ubuntu.com/6808-1/", "reference_id": "USN-6808-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6808-1/" }, { "reference_url": "https://github.com/mate-desktop/atril/releases/tag/v1.26.2", "reference_id": "v1.26.2", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-01-25T20:55:51Z/" } ], "url": "https://github.com/mate-desktop/atril/releases/tag/v1.26.2" } ], "weaknesses": [ { "cwe_id": 22, "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "description": "The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory." }, { "cwe_id": 24, "name": "Path Traversal: '../filedir'", "description": "The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ../ sequences that can resolve to a location that is outside of that directory." }, { "cwe_id": 25, "name": "Path Traversal: '/../filedir'", "description": "The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize /../ sequences that can resolve to a location that is outside of that directory." }, { "cwe_id": 27, "name": "Path Traversal: 'dir/../../filename'", "description": "The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal ../ sequences that can resolve to a location that is outside of that directory." } ], "exploits": [], "severity_range_score": "8.5 - 8.5", "exploitability": "0.5", "weighted_severity": "7.7", "risk_score": 3.9, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-95mh-919w-43as" }