Audit¶
The Audit page describes Vulners’ host- and software-auditing APIs — fast, CPE-aware endpoints to convert installed software, OS versions and KB lists into actionable vulnerability intelligence: matched advisories, CVE lists, remediation commands and prioritized patch recommendations.
Open interactive specs
Software Audit API¶
Below are the audit endpoints which replace older burp endpoints.
Audit Multiple Software¶
Allows a batch submission of multiple software entries. Each entry can be provided either as a raw CPE string or as a CPE object (with the fields such as part, vendor, product, version, etc.). Additional attributes (like update, language, target_hw, etc.) may be included as needed.
Auth: X-Api-Key header required.
Parameters:
| Name | In | Type | Required | Description |
|---|---|---|---|---|
software |
body | string | yes | Array of software entries — either CPE objects (part/vendor/product/version/…) or raw CPE strings. |
match |
body | enum | no | partial (default) or full. full requires exact match for all provided fields. |
fields |
body | array | no | Which vulnerability fields to return (defaults: title, short_description, type, href, published, modified, ai_score) |
Usage:
Query:
POST /api/v4/audit/software
Example with software objects:
curl -X POST https://vulners.com/api/v4/audit/software -H "X-Api-Key: YOUR_API_KEY" -H "Content-Type: application/json" -d '{
"software": [ # (1)
{
"vendor": "ivanti",
"product": "connect_secure",
"version": "22.7",
"update": "r2.4"
},
{
"vendor": "sonicwall",
"product": "SMA 200 firmware",
"version": "10.2.1.5-34sv"
}
],
"match": "partial", # (2)
"fields": ["title", "short_description"]
}'
-
software (array of objects or strings): Each item is either:
- An object, e.g.
{ "part": "a", "vendor": "ivanti", "product": "connect_secure", "version": "22.7", "update": "r2.4" }- A raw CPE string, e.g.
cpe:2.3:a:ivanti:connect_secure:22.7:r2.4.
It can be also included additional attributes (e.g.,
update,language,target_hw) within the software objects; these are fully described in the CPE Usage in Vulners API section. -
"partial"(default): Relaxed matching. For example, ifupdateortarget_hwis not specified, vulnerabilities can still match partial criteria."full": Strict matching. All specified attributes must match exactly (includingupdate,language, etc.). If any field (liketarget_hw) is missing in the vulnerability listing or in your request, it won’t match.
Software
software (array of objects or strings): Each item is either:
- An object, e.g.
{
"part": "a",
"vendor": "ivanti",
"product": "connect_secure",
"version": "22.7",
"update": "r2.4"
}
- A raw CPE string, e.g.
cpe:2.3:a:ivanti:connect_secure:22.7:r2.4.
It can be also included additional attributes (e.g., update, language, target_hw) within the software objects; these are fully described in the CPE Usage in Vulners API section.
Example with raw CPE strings:
curl -X POST https://vulners.com/api/v4/audit/software -H "X-Api-Key: YOUR_API_KEY" -H "Content-Type: application/json" -d '{
"software": [
"cpe:2.3:a:ivanti:connect_secure:22.7:r2.4",
"cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.5-34sv"
],
"match": "partial"
}'
Example with software objects:
vulners_api.audit.software(
software=[
{
"part": "a",
"vendor": "ivanti",
"product": "connect_secure",
"version": "22.7",
"update": "r2.4"
},
{
"vendor": "sonicwall",
"product": "SMA 200 firmware",
"version": "10.2.1.5-34sv"
}
],
fields=["title", "short_description"],
match='partial'
)
Example with raw CPE strings:
vulners_api.audit.software(
software=[
"cpe:2.3:a:ivanti:connect_secure:22.3:sp1",
"cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.5-34sv"
],
fields=["title", "short_description"],
match='partial'
)
{
"input": {
"part": "a",
"vendor": "ivanti",
"product": "connect_secure",
"update": "r2.4",
"version": "22.7"
},
"matched_criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*",
"vulnerabilities": [
{
"id": "CVE-2025-0282",
"reasons": [
{
"config": "nvd",
"criterias": [
[
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*",
"vulnerable": true
}
]
]
}
],
"title": "CVE-2025-0282",
"short_description": "Stack-based buffer overflow in Ivanti Connect Secure allows remote code execution by attackers."
},
{
"id": "CVE-2025-0283",
"reasons": [
{
"config": "nvd",
"criterias": [
[
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*",
"vulnerable": true
}
]
]
}
],
"title": "CVE-2025-0283",
"short_description": "Stack buffer overflow in Ivanti products allows local attackers to escalate privileges before updates."
}
]
},
{
"input": {
"vendor": "sonicwall",
"product": "SMA 200 firmware",
"version": "10.2.1.5-34sv"
},
"matched_criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.5-34sv:*:*:*:*:*:*:*",
"vulnerabilities": [
{
"id": "CVE-2022-2915",
"reasons": [
{
"config": "nvd",
"criterias": [
[
{
"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"versionEndIncluding": "10.2.1.5-34sv"
}
]
]
}
],
"title": "CVE-2022-2915",
"short_description": "A Heap-based Buffer Overflow vulnerability in SonicWall SMA100 appliance allows remote authenticated attacker to cause Denial of Servic"
},
{
"id": "CVE-2023-44221",
"reasons": [
{
"config": "nvd",
"criterias": [
[
{
"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"versionEndIncluding": "10.2.1.9-57sv"
}
]
]
}
],
"title": "CVE-2023-44221",
"short_description": "Improper neutralization of special elements in SMA100 SSL-VPN management interface allows remote authenticated attacker to inject arbitrary commands"
},
{
"id": "CVE-2023-5970",
"reasons": [
{
"config": "nvd",
"criterias": [
[
{
"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"versionEndIncluding": "10.2.1.9-57sv"
}
]
]
}
],
"title": "CVE-2023-5970",
"short_description": " Improper authentication in SMA100 SSL-VPN allows remote attacker to create identical external domain user using accent characters, resulting in MFA bypass"
},
{
"id": "CVE-2024-22395",
"reasons": [
{
"config": "nvd",
"criterias": [
[
{
"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"versionEndExcluding": "10.2.1.11-65sv"
}
]
]
}
],
"title": "CVE-2024-22395",
"short_description": "Improper access control in SMA100 SSL-VPN virtual office porta"
}
]
}
Audit Host¶
This is a method for scanning multiple layers in one request. (There is no direct predecessor in older burp endpoints.)
Allows you to specify multiple software items plus additional filtering criteria that narrow down vulnerabilities to those relevant for a host environment.
In this endpoint, the parameters operating_system, hardware, and application serve as filters and are not treated as software entries.
At least one filter parameter (operating_system or application) is required.
Auth: X-Api-Key header required.
Parameters:
| Name | In | Type | Required | Description |
|---|---|---|---|---|
software |
body | string | yes | Array of software entries — either CPE objects (part/vendor/product/version/…) or raw CPE strings. |
operating_system |
body | object/string | conditional | OS filter (CPE or object). At least one of operating_system or application is required. |
application |
body | array | conditional | Application filter (e.g., WordPress) — used to limit results to application context. |
hardware |
body | array | no | Which vulnerability fields to return (defaults: title, short_description, type, href, published, modified, ai_score) |
match |
body | enum | no | partial (default) or full. full requires exact match for all provided fields. |
fields |
body | array | no | Which vulnerability fields to return (defaults: title, short_description, type, href, published, modified, ai_score) |
Important
For Audit Host, it is required to include at least one filter parameter (operating_system or application). These filters ensure that vulnerabilities are returned only for the host environment (based on OS, hardware, and/or application) and not for all provided software entries.
Example 1: Windows + .NET
Scenario: This scenario sets Windows 10/11 as the operating system, and .NET Framework 4.8 as installed software.
Usage:
Query:
POST /api/v4/audit/host
Query example:
curl -X POST https://vulners.com/api/v4/audit/host \
-H "Content-Type: application/json" \
-H "X-Api-Key: YOUR_API_KEY" \
-d '{
"software": [ # (1)
{
"part": "a",
"vendor": "microsoft",
"product": ".net_framework",
"version": "3.6"
},
{
"part": "a",
"vendor": "microsoft",
"product": ".net_framework",
"version": "4.8.1"
}
],
"operating_system": { # (2)
"part": "o",
"vendor": "microsoft",
"product": "windows_server_2022_23h2"
},
"fields": ["title", "short_description"] # (3)
}'
-
software (array of objects or strings): Each item is either:
- An object, e.g.
{ "part": "a", "vendor": "ivanti", "product": "connect_secure", "version": "22.7", "update": "r2.4" }- A raw CPE string, e.g.
cpe:2.3:a:ivanti:connect_secure:22.7:r2.4.
It can be also included additional attributes (e.g.,
update,language,target_hw) within the software objects; these are fully described in the CPE Usage in Vulners API section. -
- operating_system (object | string): OS-level software. Could be
cpe:2.3:o:microsoft:windows_10:21h2or parted fields. - application (object | string): Specifies a top-level application. This parameter is used as an additional filter and ensures that the returned vulnerabilities are not solely for software items. At least one of
operating_systemorapplicationmust be provided.
- operating_system (object | string): OS-level software. Could be
-
List of fields to retrieve for each vulnerability. If not specified, the default fields are used. Descriptions for specified fields can be found in default fields section.
- Defaults:
"title", "short_description", "type", "href", "published", "modified", "ai_score" - Available to include:
"metrics", "exploitation", "cvelist".
- Defaults:
vulners_api.audit.host(
software=[
{
"part": "a",
"vendor": "microsoft",
"product": ".net_framework",
"version": "3.6"
},
{
"part": "a",
"vendor": "microsoft",
"product": ".net_framework",
"version": "4.8.1"
}
],
operating_system={
"part": "o",
"vendor": "microsoft",
"product": "windows_server_2022_23h2"
},
fields=[
"title",
"short_description"
],
match="partial"
)
[
{
"input": {
"part": "a",
"vendor": "microsoft",
"product": ".NET Framework",
"version": "3.6"
},
"matched_criteria": "cpe:2.3:a:microsoft:.net_framework:3.6:*:*:*:*:*:*:*",
"vulnerabilities": []
},
{
"input": {
"part": "a",
"vendor": "microsoft",
"product": ".net_framework",
"version": "4.8.1"
},
"matched_criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"vulnerabilities": [
{
"id": "CVE-2024-0056",
"title": "CVE-2024-0056",
"short_description": "CVE-2024-0056 Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass ..."
},
{
"id": "CVE-2024-0057",
"title": "CVE-2024-0057",
"short_description": "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerabilit"
},
{
"...": "... other vulnerabilities truncated ..."
}
]
}
]
Example 2: Linux + Curl/SSH
Scenario: This scenario sets Red Hat Enterprise Linux as the OS, plus two installed packages (curl and OpenSSH).
Usage:
Query:
POST /api/v4/audit/host
Query example:
curl -X POST https://vulners.com/api/v4/audit/host -H "X-Api-Key: YOUR_API_KEY" -H 'Content-Type: application/json' -d '{
"software": [
{
"part": "a",
"vendor": "haxx",
"product": "libcurl",
"version": "8.8"
},
{
"part": "a",
"vendor": "openbsd",
"product": "openssh",
"version": "8.5"
}
],
"operating_system": {
"part": "o",
"vendor": "redhat",
"product": "enterprise_linux",
"version": "9.4"
},
"fields": [
"title",
"short_description"
],
"match": "partial" # (1)
}'
"partial"(default): Relaxed matching. For example, ifupdateortarget_hwis not specified, vulnerabilities can still match partial criteria."full": Strict matching. All specified attributes must match exactly (includingupdate,language, etc.). If any field (liketarget_hw) is missing in the vulnerability listing or in your request, it won’t match.
vulners_api.audit.host(
software=[
{
"part": "a",
"vendor": "haxx",
"product": "libcurl",
"version": "8.8"
},
{
"part": "a",
"vendor": "openbsd",
"product": "openssh",
"version": "8.5"
}
],
operating_system={
"part": "o",
"vendor": "redhat",
"product": "enterprise_linux",
"version": "9.4"
},
fields=[
"title",
"short_description"
],
match="partial"
)
[
{
"input": {
"part": "a",
"vendor": "haxx",
"product": "libcurl",
"version": "8.8"
},
"matched_criteria": "cpe:2.3:a:haxx:libcurl:8.8:*:*:*:*:*:*:*",
"vulnerabilities": [
{
"id": "CVE-2024-6874",
"title": "CVE-2024-6874",
"short_description": "CVE-2024-6874 macidn punycode buffer overread in libcurl url functio"
},
{
"id": "CVE-2024-7264",
"title": "CVE-2024-7264",
"short_description": "libcurl ASN1 parser `GTime2str()` function vulnerabilit"
},
{
"...": "... other vulnerabilities truncated ..."
}
]
},
{
"input": {
"part": "a",
"vendor": "openbsd",
"product": "openssh",
"version": "8.5"
},
"matched_criteria": "cpe:2.3:a:openbsd:openssh:8.5:*:*:*:*:*:*:*",
"vulnerabilities": [
{
"id": "CVE-2024-6387",
"title": "CVE-2024-6387",
"short_description": "Security regression in OpenSSH server (sshd). Race condition ..."
},
{
"id": "CVE-2020-14145",
"title": "CVE-2020-14145",
"short_description": "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy ..."
},
{
"...": "... other vulnerabilities truncated ..."
}
]
}
]
Example 3: WordPress + Plugin
Scenario: This scenario sets WordPress as the application filter plus a Yoast SEO plugin as installed software.
Usage:
Query:
POST /api/v4/audit/host
Query example:
curl -X POST https://vulners.com/api/v4/audit/host -H "X-Api-Key: YOUR_API_KEY" -H "Content-Type: application/json" -d '{
"software": [
{
"part": "a",
"vendor": "yoast",
"product": "yoast seo",
"version": "3.4"
}
],
"application": {
"part": "a",
"vendor": "wordpress",
"product": "wordpress"
},
"fields": ["title", "short_description"]
}'
vulners_api.audit.host(
software=[
{
"part": "a",
"vendor": "yoast",
"product": "yoast seo",
"version": "20.4"
}
],
application= {
"part": "a",
"vendor": "wordpress",
"product": "wordpress"
},
fields=[
"title",
"short_description"
],
match="partial"
)
{
"input": {
"part": "a",
"vendor": "yoast",
"product": "yoast seo",
"version": "20.4"
},
"matched_criteria": "cpe:2.3:a:yoast:yoast_seo:20.4:*:*:*:*:*:*:*",
"vulnerabilities": [
{
"id": "PATCHSTACK:D15EC4814FA577180898B6C415B337D4",
"reasons": [
{
"config": "vulners",
"criterias": [
[
{
"criteria": "cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:typo3:*:*",
"vulnerable": true,
"versionEndIncluding": "20.4"
}
]
]
}
],
"title": "WordPress Yoast SEO Premium Plugin <= 20.4 is vulnerable to Broken Access Control",
"short_description": "WordPress Yoast SEO Premium Plugin <= 20.4 vulnerability: Broken Access Contro"
},
{
"id": "CVE-2023-40680",
"reasons": [
{
"config": "nvd",
"criterias": [
[
{
"criteria": "cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"versionEndIncluding": "21.0"
}
]
]
}
],
"title": "CVE-2023-40680",
"short_description": "CVE-2023-40680: Stored XSS in Team Yoast Yoast SE"
},
{
"id": "CVE-2023-28775",
"reasons": [
{
"config": "nvd",
"criterias": [
[
{
"criteria": "cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"versionEndExcluding": "20.5"
}
]
]
}
],
"title": "CVE-2023-28775",
"short_description": "Yoast SEO Premium Missing Authorization Vulnerability"
},
{
"id": "CVE-2024-4041",
"reasons": [
{
"config": "vulners",
"criterias": [
[
{
"criteria": "cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"versionEndIncluding": "22.5"
}
]
]
}
],
"title": "CVE-2024-4041",
"short_description": "The Yoast SEO plugin for WordPress has Reflected Cross-Site Scripting vulnerabilit"
},
{
"id": "CVE-2024-4984",
"reasons": [
{
"config": "vulners",
"criterias": [
[
{
"criteria": "cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"versionEndIncluding": "22.6"
}
]
]
}
],
"title": "CVE-2024-4984",
"short_description": "Yoast SEO plugin vulnerability allows injection of arbitrary web script"
}
]
}
Example 4: WordPress + Plugin + Linux
Scenario: This scenario sets Debian Linux as operating_system, WordPress as application, and a popular plugin (Woocommerce Pre-Orders) as installed software.
Usage:
Query:
POST /api/v4/audit/host
Query example:
curl -X POST https://vulners.com/api/v4/audit/host -H "X-Api-Key: YOUR_API_KEY" -H 'Content-Type: application/json' -d '{
"software": [
{
"part": "a",
"vendor": "woocommerce",
"product": "woocommerce_pre-orders",
"version": "2.0"
}
],
"operating_system": {
"part": "o",
"vendor": "debian",
"product": "debian_linux",
"version": "11"
},
"application": {
"part": "a",
"vendor": "wordpress",
"product": "wordpress"
},
"fields": [
"title",
"short_description"
],
"match": "partial"
}'
vulners_api.audit.host(
software=[
{
"part": "a",
"vendor": "woocommerce",
"product": "woocommerce_pre-orders",
"version": "2.0"
}
],
operating_system={
"part": "o",
"vendor": "debian",
"product": "debian_linux",
"version": "11"
},
application= {
"part": "a",
"vendor": "wordpress",
"product": "wordpress"
},
fields=[
"title",
"short_description"
],
match="partial"
)
[
{
"input": {
"part": "a",
"vendor": "woocommerce",
"product": "woocommerce_pre-orders",
"version": "2.0"
},
"matched_criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:2.0:*:*:*:*:*:*:*",
"vulnerabilities": [
{
"id": "CVE-2023-32793",
"reasons": [
{
"config": "nvd",
"criterias": [
[
{
"criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"versionEndIncluding": "2.0.0"
}
]
]
},
{
"config": "vulners",
"criterias": [
[
{
"criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"versionEndIncluding": "2.0.0"
}
]
]
}
],
"title": "CVE-2023-32793",
"short_description": "Auth. Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <=\u00a02.0.0 versions"
},
{
"id": "PATCHSTACK:E2F81C0D4E183BAF40E850AA31186ED1",
"reasons": [
{
"config": "vulners",
"criterias": [
[
{
"criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"versionEndIncluding": "2.0.0"
}
]
]
}
],
"title": "WordPress WooCommerce Pre-Orders Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)",
"short_description": "WordPress WooCommerce Pre-Orders Plugin <= 2.0.0 Cross-Site Scripting Vulnerability. Low Severit"
},
{
"id": "CVE-2023-3507",
"reasons": [
{
"config": "nvd",
"criterias": [
[
{
"criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"versionEndExcluding": "2.0.3"
}
]
]
},
{
"config": "vulners",
"criterias": [
[
{
"criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"versionEndExcluding": "2.0.3"
}
]
]
}
],
"title": "CVE-2023-3507",
"short_description": "The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-order"
},
{
"id": "CVE-2023-3508",
"reasons": [
{
"config": "nvd",
"criterias": [
[
{
"criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"versionEndExcluding": "2.0.3"
}
]
]
},
{
"config": "vulners",
"criterias": [
[
{
"criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"versionEndExcluding": "2.0.3"
}
]
]
}
],
"title": "CVE-2023-3508",
"short_description": " WooCommerce Pre-Orders WordPress plugin 2.0.3 CSRF vulnerabilit"
},
{
"id": "WPVDB-ID:C431878C-8BCA-4688-9C6B-1C9E871A6A7B",
"reasons": [
{
"config": "vulners",
"criterias": [
[
{
"criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"versionEndExcluding": "2.0.2"
}
]
]
}
],
"title": "WooCommerce Pre-Orders < 2.0.2 - Reflected XSS",
"short_description": "WooCommerce Pre-Orders plugin < 2.0.2 - Reflected XSS, unescaped URLs in attribute"
},
{
"id": "WPVDB-ID:064C7ACB-DB57-4537-8A6D-32F7EA31C738",
"reasons": [
{
"config": "vulners",
"criterias": [
[
{
"criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"versionEndExcluding": "2.0.3"
}
]
]
}
],
"title": "WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF",
"short_description": "Flawed CSRF check in WooCommerce Pre-Orders < 2.0.3 allows unauthorized actions"
},
{
"id": "WPVDB-ID:E72BBE9B-E51D-40AB-820D-404E0CB86EE6",
"reasons": [
{
"config": "vulners",
"criterias": [
[
{
"criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"versionEndExcluding": "2.0.3"
}
]
]
}
],
"title": "WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF",
"short_description": "WooCommerce Pre-Orders < 2.0.3 flawed CSRF allows arbitrary pre-order cancelin"
},
{
"id": "WPVDB-ID:A86BDCFB-A1DB-4775-8F30-8EEC3F53A77A",
"reasons": [
{
"config": "vulners",
"criterias": [
[
{
"criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"versionEndExcluding": "2.0.1"
}
]
]
}
],
"title": "WooCommerce Pre-Orders < 2.0.1 - Contributor+ Stored XSS",
"short_description": "WooCommerce Pre-Orders plugin vulnerability Stored XSS"
}
]
}
]
Deprecated Endpoints¶
Deprecated
The following endpoints remain operational for now but are slated for future removal:
POST /api/v3/burp/softwareapi/POST /api/v3/burp/packages/
Use the new /api/v4/audit/ endpoints instead:
POST /api/v4/audit/softwarePOST /api/v4/audit/host
Package Audit API¶
The Package Audit API processes dependency lists from your project's package manager output and cross-references them against Vulners' vulnerability database. It identifies vulnerable packages, suggests fixed versions, and lists applicable advisories with version match ranges.
Supported package managers:
| Manager | Endpoint | Input format | Example input source |
|---|---|---|---|
| Maven | /api/v4/audit/package/maven |
Maven dependency list (text/plain) | mvn dependency:list |
| Pip | /api/v4/audit/package/pip |
Pip freeze output (text/plain) | pip freeze |
| Poetry | /api/v4/audit/package/poetry |
Poetry lock file content (text/plain) | cat poetry.lock |
| NPM | /api/v4/audit/package/npm |
package-lock.json content (text/plain) | cat package-lock.json |
| Golang | /api/v4/audit/package/golang |
Go modules list (text/plain) | go list -m all |
Response format:
All endpoints return a consistent JSON structure:
result.issues: Array of vulnerable packagespackage: Package nameversion: Current versionfixedVersion: Recommended safe versionscopes: Dependency scopes (e.g., "test", "main")applicableAdvisories: Matching vulnerabilities with IDs and version ranges
If no issues found, issues is an empty array.
Auth: X-Api-Key header required.
Maven audit¶
Usage:
Query:
POST /api/v4/audit/package/maven
Example:
curl -XPOST https://vulners.com/api/v4/audit/package/maven \
-H "X-Api-Key: YOUR_API_KEY" \
-H "Content-Type: text/plain" \
-d "$(mvn -B -q dependency:list -DoutputFile=/dev/stdout)"
{
"result": {
"issues": [
{
"package": "junit:junit",
"version": "4.12",
"fixedVersion": "4.13.1",
"scopes": [
"test"
],
"applicableAdvisories": [
{
"id": "OSV:GHSA-269G-PWP5-87PP",
"match": ">=4.7,<4.13.1"
}
]
}
]
}
}
Pip audit¶
Usage:
Query:
POST /api/v4/audit/package/pip
Example:
curl -XPOST https://vulners.com/api/v4/audit/package/pip \
-H "X-Api-Key: YOUR_API_KEY" \
-H "Content-Type: text/plain" \
-d "$(pip freeze)"
{
"result": {
"issues": [
{
"package": "notebook",
"version": "4.2.0",
"fixedVersion": "6.1.5",
"scopes": [
"main"
],
"applicableAdvisories": [
{
"id": "OSV:PYSEC-2018-17",
"match": ">=0,<5.7.1"
},
{
"id": "OSV:PYSEC-2018-18",
"match": ">=0,<5.7.2"
},
{
"id": "OSV:PYSEC-2020-215",
"match": ">=0,<6.1.5"
}
]
}
]
}
}
Poetry audit¶
Usage:
Query:
POST /api/v4/audit/package/poetry
Example:
curl -XPOST https://vulners.com/api/v4/audit/package/poetry \
-H "X-Api-Key: YOUR_API_KEY" \
-H "Content-Type: text/plain" \
-d "$(cat poetry.lock)"
{
"result": {
"issues": [
{
"package": "notebook",
"version": "4.2.0",
"fixedVersion": "6.1.5",
"scopes": [
"main"
],
"applicableAdvisories": [
{
"id": "OSV:PYSEC-2018-17",
"match": ">=0,<5.7.1"
},
{
"id": "OSV:PYSEC-2018-18",
"match": ">=0,<5.7.2"
},
{
"id": "OSV:PYSEC-2020-215",
"match": ">=0,<6.1.5"
}
]
}
]
}
}
Npm audit¶
Usage:
Query:
POST /api/v4/audit/package/npm
Example:
curl -XPOST https://vulners.com/api/v4/audit/package/npm \
-H "X-Api-Key: YOUR_API_KEY" \
-H "Content-Type: text/plain" \
-d "$(cat package-lock.json)"
{
"result": {
"issues": [
{
"package": "@babel/helpers",
"version": "7.26.0",
"fixedVersion": "7.26.10",
"scopes": [
"main"
],
"applicableAdvisories": [
{
"id": "OSV:GHSA-968P-4WVH-CQC8",
"match": ">=0,<7.26.10"
}
]
},
{
"package": "nuxt",
"version": "3.15.2",
"fixedVersion": "3.19.0",
"scopes": [
"main"
],
"applicableAdvisories": [
{
"id": "SNYK:JS-NUXT-12878602",
"match": ">=3.6.0,<3.19.0"
}
]
}
]
}
}
Golang audit¶
Usage:
Query:
POST /api/v4/audit/package/golang
Example:
curl -XPOST https://vulners.com/api/v4/audit/package/golang \
-H "X-Api-Key: YOUR_API_KEY" \
-H "Content-Type: text/plain" \
-d "$(go list -m all)"
{
"result": {
"issues": [
]
}
}
Windows Audit¶
Audit Windows via KB¶
Quick audit of Windows hosts by OS version + installed KB list. Good for patch status checks.
Auth: X-Api-Key header required.
Parameters:
| Name | In | Type | Required | Description |
|---|---|---|---|---|
os |
body | string | yes | OS name/version (e.g., Windows Server 2012 R2) |
kbList |
body | object/string | yes | Array of installed KB IDs (e.g., ["KB5009586","KB5009624"]). |
Usage:
Query:
POST /api/v3/audit/kb/
Query example:
curl -XPOST https://vulners.com/api/v3/audit/kb/ -H "X-Api-Key: YOUR_API_KEY" -H 'Content-Type: application/json' -d '{
"os": "Windows Server 2012 R2", # (1)
"kbList": ["KB5009586", "KB5009624", "KB5008230", "KB5007247", "KB5005693", "KB5007205", "KB5003646"]
# (2)
}'
-
OS version can be obtained from systeminfo
-
Installed KBs is also via systeminfo or via wmic qfe list.
win_vulners = vulners_api.audit.kb_audit(
os="Windows Server 2016", kb_list=["KB5009586", "KB5009624", "KB5008230", "KB5007247", "KB5005693", "KB5007205", "KB5003646"])
need_2_install_kb = win_vulners['kbMissed']
affected_cve = win_vulners['cvelist']
[
"KB5000803",
"KB5017095",
"KB5011495",
"KB5003638",
"KB5009546",
"KB5012596",
"KB5004948",
"KB5001347",
"KB5007192",
"KB5004238",
"KB5010359",
"KB5014702",
"KB5016622",
"KB4601318",
"KB5005573",
"KB5008207",
"KB5006669",
"KB5012170",
"KB5015808",
"KB5005043",
"KB5013952",
"KB5003197"
]
[ "CVE-2021-36942",
"CVE-2021-31958",
"CVE-2022-34302",
"CVE-2022-30166",
"CVE-2022-22002",
"CVE-2021-1640",
"CVE-2021-24111",
"CVE-2022-26832",
"CVE-2021-33757",
"CVE-2021-41361",
"CVE-2021-36938",
"CVE-2020-1036",
"CVE-2021-42279",
"CVE-2022-34303",
"CVE-2021-28318",
"CVE-2020-1472",
"CVE-2022-21897",
"CVE-2021-38667",
"CVE-2021-31959",
"CVE-2021-34481",
"CVE-2022-30154",
"CVE-2021-34459",
"CVE-2022-23293",
"CVE-2020-17049",
"CVE-2020-26784",
"CVE-2022-22048",
"CVE-2021-33779",
"CVE-2021-43893",
"CVE-2022-26784",
"CVE-2021-26419",
"CVE-2021-34527",
"CVE-2022-35822",
"CVE-2022-34301",
"CVE-2022-30138",
"CVE-2021-264110"
]
Audit installed KB's and software¶
Use quick audit of Windows hosts for installed security KB and software. Windows audit requires OS version, a list of installed updates (KB) and a list of installed software, CPE parts such as target_sw, sw_edition, and platform can be used to improve accuracy.
Auth: X-Api-Key header required.
Parameters:
| Name | In | Type | Required | Description |
|---|---|---|---|---|
os |
body | string | yes | OS name (e.g., windows). |
version |
body | string | yes | OOS version string (e.g., 10.0.19045). |
kbList |
body | array | yes | Installed KB IDs. |
software |
body | array | no | Installed software list with optional CPE-like attributes. |
platform |
body | string | no | Applies target_hw to all software entries if provided. |
Possible values for CPE parameters:
*: Includes all values, both those containing - or * and without."-": Filters results to exclude specified values.."software_name": Includes results with this value and any values containing*.
Defaults:
- platform:
arm64if not explicitly specified. - target_sw:
windowsif not explicitly specified
Usage:
Query:
POST /api/v3/audit/winaudit/
Query example:
curl -XPOST https://vulners.com/api/v3/audit/winaudit/ -H "X-Api-Key: YOUR_API_KEY" -H 'Content-Type: application/json' -d '{
"os": "windows",
"os_version": "10.0.19045",
"kb_list": ["KB5009586", "KB5009624", "KB5008230", "KB5007247", "KB5005693", "KB5007205", "KB5003646"],
# (1)
"software": [ # (2)
{"software": "7-Zip", "version": "19.00", "sw_edition": "home_premium", "target_sw": "windows", "target_hw": "x64", "update": "sp1", "language": "en"},
{"software": "Git", "version": "2.33.0.2", "target_sw": "windows", "target_hw": "x64"},
{"software": "Notepad++", "version": "8.4.6", "target_sw": "windows", "target_hw": "x64"},
{"software": "Microsoft OneDrive", "version": "22.227.1030.0001", "sw_edition": "home_premium", "target_sw": "windows", "target_hw": "x64"},
{"software": "VMware Fusion", "version": "13.1", "target_sw": "windows", "target_hw": "x64"}
]
}'
-
List of installed updates (KB), which can be gathered via comands
systeminfoorwmic qfe list. -
List of installed software and version information, with optional CPE parameters for further refinement. Read more
kb = ["KB5009586", "KB5009624", "KB5008230", "KB5007247", "KB5005693", "KB5007205", "KB5003646"]
software = [{'software': '7-Zip', 'version': '19.00', 'sw_edition': 'home_premium', 'target_sw': 'windows', 'target_hw': 'x64', 'update': 'sp1', 'language': 'en'},
{'software': 'Git', 'version': '2.33.0.2', 'target_sw': 'windows', 'target_hw': 'x64'},
{'software': 'Notepad++', 'version': '8.4.6', 'target_sw': 'windows', 'target_hw': 'x64'},
{'software': 'Microsoft OneDrive', 'version': '22.227.1030.0001', 'sw_edition': 'home_premium', 'target_sw': 'windows', 'target_hw': 'x64'},
{'software': 'VMware Fusion', 'version': '13.1', 'target_sw': 'windows', 'target_hw': 'x64'}
]
os_name = 'windows'
os_version = '10.0.19045'
report = vulners_api.audit.win_audit(os=os_name, os_version=os_version, kb_list=kb, software=software)
- package: The name of the software package.
- published: The date when the bulletin was published.
- bulletinID: The ID of the bulletin associated with the CVEs.
- **cvelist*: List of CVE IDs linked to the package.
- cvss: CVSS score and severity level of the vulnerabilities.
- fix: Suggested update or patch to fix the issue.
[
{
"package": "windows 11 version 22h2",
"published": "2024-09-10",
"bulletinID": "MS:CVE-2024-38254",
"cvelist": ["CVE-2024-38254"],
"cvss": {
"score": 6.2,
"severity": "MEDIUM"
},
"fix": "Install KB5043076 update"
},
{
"package": "windows 11 version 23h2",
"published": "2024-09-10",
"bulletinID": "MS:CVE-2024-38257",
"cvelist": ["CVE-2024-38257"],
"cvss": {
"score": 7.5,
"severity": "HIGH"
},
"fix": "Install KB5043076 update"
},
{
"package": "windows 11 version 23h2",
"published": "2024-07-09",
"bulletinID": "MS:CVE-2024-38517",
"cvelist": ["CVE-2024-38517"],
"cvss": {
"score": 7.8,
"severity": "HIGH"
},
"fix": "Install KB5040442 update"
}
]
Windows KB superseeding/parentseeding¶
Refer to this if you need more information about KB after the previous method. Superseeded information will be returned as a dictionary with two fields: superseeds, parentseeds.
Auth: X-Api-Key header required.
Parameters:
| Name | In | Type | Required | Description |
|---|---|---|---|---|
id |
body | string | yes | KB identifier (e.g., KB4524135). |
fields |
body | string | yes | Include superseeds and/or parentseeds.. |
Usage:
Query:
POST /api/v3/search/id/
Query example:
curl -XPOST https://vulners.com/api/v3/search/id/ -H "X-Api-Key: YOUR_API_KEY" -H 'Content-Type: application/json' -d '{
"id": "KB4524135",
"fields": [
"superseeds", # (1)
"parentseeds" # (2)
]
}'
-
Superseeds means "what KB are covered by this KB".
-
Parentseeds means "what KB are covering this KB".
seeds = vulners_api.search.get_kb_seeds()("KB4524135")
{
"superseeds": [
"KB3021952",
"KB4103768",
"KB2699988",
"KB3100773",
"KB931768",
"KB4466536",
"KB4343205",
"KB896688",
"KB4462949",
"KB2977629",
"KB2817183",
"KB972260",
"KB4457426",
"KB980182",
"KB929969",
"KB4470199",
"KB2544521",
"KB4511872",
"KB2744842",
"KB2879017",
"KB2497640",
"KB2360131",
"KB4025252",
"KB2829530",
"KB4047206",
"KB3093983",
"KB4507434",
"KB4056568",
"KB960714",
"KB2530548",
"KB3203621",
"KB833989",
"KB2761451",
"KB3139929",
"KB4339093",
"KB4483187",
"KB969897",
"KB910620",
"KB942615",
"KB956390",
"KB937143",
"KB4052978",
"KB2416400",
"KB4018271",
"KB2987107",
"KB2870699",
"KB982381",
"KB2183461",
"KB2586448",
"KB958215",
"KB963027",
"KB2862772",
"KB4012204",
"KB4036586",
"KB3175443",
"KB933566",
"KB947864",
"KB2647516",
"KB4486474",
"KB944533",
"KB2976627",
"KB4074736",
"KB2792100",
"KB905915",
"KB922760",
"KB4489873",
"KB883939",
"KB2797052",
"KB2909212",
"KB4230450",
"KB3003057",
"KB4092946",
"KB2963952",
"KB978207",
"KB4034733",
"KB939653",
"KB976325",
"KB3154070",
"KB4040685",
"KB3038314",
"KB928090",
"KB2675157",
"KB4493435",
"KB3197655",
"KB896727",
"KB3034196",
"KB3049563",
"KB3032359",
"KB2618444",
"KB974455",
"KB938127",
"KB2838727",
"KB3148198",
"KB3191492",
"KB3170106",
"KB2559049",
"KB2809289",
"KB3058515",
"KB4014661",
"KB4516046",
"KB950759",
"KB925486",
"KB3036197",
"KB3124275",
"KB2799329",
"KB3008923",
"KB3078071",
"KB953838",
"KB3065822",
"KB2722913",
"KB4021558",
"KB3104002",
"KB912812",
"KB918899",
"KB2482017",
"KB3160005",
"KB2962872",
"KB4096040",
"KB916281",
"KB3185319",
"KB3087038",
"KB4480965",
"KB2761465",
"KB4089187",
"KB2846071",
"KB890923",
"KB4503259",
"KB4498206",
"KB3134814"
],
"parentseeds": [
"KB4571687",
"KB4534251",
"KB4540671",
"KB4586768",
"KB4519974",
"KB4525106",
"KB4530677",
"KB4556798",
"KB4565479",
"KB4561603",
"KB4537767",
"KB4550905",
"KB4577010"
]
}
Get the list of Windows KB updates with download urls¶
Search Microsoft Catalog entries for KBs and return catalog URLs.
Auth: X-Api-Key header required.
Parameters:
| Name | In | Type | Required | Description |
|---|---|---|---|---|
query |
body | string | yes | Lucene query, e.g. type:msupdate AND kb:(KB4524135) |
fields |
body | int | no | Offset |
fields |
body | int | no | Limit |
Usage:
Query:
POST /api/v3/search/lucene/
Query example:
curl -XPOST https://vulners.com/api/v3/search/lucene/ -H "X-Api-Key: YOUR_API_KEY" -H 'Content-Type: application/json' -d '{
"query": "type:msupdate AND kb:(KB4524135)",
"skip": 0,
"size": 100,
"fields": [
"id",
"title",
"description",
"type",
"bulletinFamily",
"cvss",
"published",
"modified",
"lastseen",
"href",
"sourceHref",
"sourceData",
"cvelist"]
}'
microsoft_updates_for_kb = vulners_api.search.get_kb_updates()("KB4524135")
updates_download_links = [update.get('href') for update in microsoft_updates_for_kb]
[
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=ef31383a-7932-441a-a626-f0a145cc422a",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=18552c40-7e36-4f15-960a-9717a4912af1",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=375f016c-b4ac-4d71-9dee-8095427a3c86",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=2ca3d95f-1ecb-4850-aeb4-afb63cd6374a",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=72890150-da44-47b2-b1b5-7dce2d5d1a30",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=fba96f27-5955-45e1-82e5-ad350b4627e0",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=9668152f-78a1-44f9-a229-38e86189703a",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=e08d28ef-d685-412c-b0bc-8cc26bf899c3",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=a22dcbac-485a-4834-8556-fee2e437ab9b",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=db62995c-3814-4fd7-a481-dc285f0640e2",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=16216817-6043-4587-a803-9b3a9f3a58cc",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=393d67e1-8827-4c6d-9187-b6320a9a03bc",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=b18abca1-c8ec-4e43-9fa0-cc2b2a518304",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=96c42c78-234b-4ae7-b097-be0eb8ac6f25",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=63cc9ae6-6d02-4936-8b77-b976b440ff25",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=2661795f-8beb-468f-9c4f-0de83724a90f"
]
Linux Audit¶
Analyze installed Linux packages (RPM, DEB, APK) and match them against Vulners vulnerability database. This endpoint is intended for fast, batch auditing of package lists exported from servers, containers or build images.
Supported systems¶
Fetch all currently supported operating systems. These values are used as inputs for the audit request below.
Auth: X-Api-Key header required.
Parameters: None
Usage:
Query:
GET /api/v3/audit/getSupportedOS
Query example:
curl -G "https://vulners.com/api/v3/audit/getSupportedOS" -H "X-Api-Key: YOUR_API_KEY"
Audit Linux hosts¶
Check installed packages against known vulnerabilities and retrieve matching advisories.
Quick notes:
- Accepts package lists collected from RPM (RHEL/CentOS/OL), DEB (Debian/Ubuntu) and APK (Alpine) ecosystems.
- packages is the main required field - provide one package per line or as an array of package strings. The endpoint supports up to 2500 package entries per request.
- Provide osName and osVersion when possible for the most accurate matching; if omitted, the service performs best-effort matching based on package metadata.
- cvelistMetrics is available only for non-free / trial licenses and adds additional aggregated metrics to the response.
Auth: X-Api-Key header required.
Request body parameters:
| Field | Type | Required | Description |
|---|---|---|---|
packages |
array[string] | yes | List of packages (strings). Each item should be the package name with version and, if applicable, arch. Min 1 / Max 2500 entries. |
osName / osName |
string | no (recommended) | OS name or ID (ubuntu, debian, rhel, ol, alpine, etc.). Use osName key in JSON payload. |
osVersion |
string | no (recommended) | OS version (e.g. 22.04, 7, 8.6, ...). Use osVersion key in JSON payload. |
osArch |
string | no | OS architecture (e.g. x86_64, aarch64) — used as default arch for packages when not specified. |
includeUnofficial |
boolean | no | If true, include matches from unofficial sources (third‑party repos). Default: false. |
includeCandidates |
boolean | no | If true, include "candidate" findings (lower confidence or tentative matches). Default: false. |
includeAnyVersion |
boolean | no | If true, include vulnerabilities that match any version (broad/less strict matching). Default: false. |
cvelistMetrics |
boolean | no | Add additional CVE list metrics — available for non‑free/trial licenses. Default: false. |
Usage:
Query:
POST /api/v4/audit/linux/
Query example:
curl -sS -X POST "https://vulners.com/api/v4/audit/linux" \
-H "Content-Type: application/json" \
-H "X-Api-Key: YOUR_API_KEY" \
--data-binary @- << 'JSON'
{
"osName": "ubuntu",
"osVersion": "22.04",
"packages": [
"bash 5.1-6ubuntu1.2 amd64",
"openssl 3.0.2-0ubuntu1.10 amd64",
"nginx 1.18.0-0ubuntu1 amd64"
],
"includeUnofficial": false,
"includeCandidates": false,
"includeAnyVersion": false,
"cvelistMetrics": false
}
JSON
api.audit.linux_audit(
os_name="ubuntu",
os_version="22.04",
packages=[
"bash 5.1-6ubuntu1.2 amd64",
"openssl 3.0.2-0ubuntu1.10 amd64",
"nginx 1.18.0-0ubuntu1 amd64"
],
include_unofficial=False,
include_candidates=False,
include_any_version=False,
)
{
"result": {
"issues": [
{
"package": "nginx 1.18.0-0ubuntu1 amd64",
"fixedPackage": "nginx_1.18.0-6ubuntu14.7_noarch.deb",
"applicableAdvisories": [
{
"id": "USN-5371-2",
"operator": "lt",
"version": "1.18.0-6ubuntu14.1"
},
{
"id": "USN-5722-1",
"operator": "lt",
"version": "1.18.0-6ubuntu14.3"
},
{
"id": "UB:CVE-2024-7347",
"operator": "lt",
"version": "1.18.0-6ubuntu14.5"
},
{
"id": "USN-7014-1",
"operator": "lt",
"version": "1.18.0-6ubuntu14.5"
},
{
"id": "USN-7285-1",
"operator": "lt",
"version": "1.18.0-6ubuntu14.6"
},
{
"id": "USN-7715-1",
"operator": "lt",
"version": "1.18.0-6ubuntu14.7"
}
]
},
{
"package": "openssl 3.0.2-0ubuntu1.10 amd64",
"fixedPackage": "openssl_3.0.2-0ubuntu1.20_noarch.deb",
"applicableAdvisories": [
{
"id": "USN-6450-1",
"operator": "lt",
"version": "3.0.2-0ubuntu1.12"
},
{
"id": "USN-6622-1",
"operator": "lt",
"version": "3.0.2-0ubuntu1.14"
},
{
"id": "USN-6663-1",
"operator": "lt",
"version": "3.0.2-0ubuntu1.15"
},
{
"id": "USN-6854-1",
"operator": "lt",
"version": "3.0.2-0ubuntu1.16"
},
{
"id": "USN-6937-1",
"operator": "lt",
"version": "3.0.2-0ubuntu1.17"
},
{
"id": "UB:CVE-2024-6119",
"operator": "lt",
"version": "3.0.2-0ubuntu1.18"
},
{
"id": "USN-6986-1",
"operator": "lt",
"version": "3.0.2-0ubuntu1.18"
},
{
"id": "UB:CVE-2024-9143",
"operator": "lt",
"version": "3.0.2-0ubuntu1.19"
},
{
"id": "USN-7278-1",
"operator": "lt",
"version": "3.0.2-0ubuntu1.19"
},
{
"id": "USN-7786-1",
"operator": "lt",
"version": "3.0.2-0ubuntu1.20"
}
]
}
],
"errors": []
}
}