API Endpoints

This document describes the HTTP API endpoints of the Garden Linux Vulnerability Database.

This document and the API are work in progress and subject to change at any time.

Get a list of CVEs by distro

To query all CVEs for a given distribution by version, you may use this endpoint:

$ curl 'https://glvd.ingress.glvd.gardnlinux.shoot.canary.k8s-hana.ondemand.com/v1/cves/1592.6/packages/linux' -i -X GET \
    -H 'Accept: application/json'

For all endpoints, the sortBy and sortOrder query parameters are optional. If omitted, default sorting will be applied.

The expected response looks like this:

HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Mon, 26 May 2025 10:37:02 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 1344

[ {
  "cveId" : "CVE-2025-21864",
  "sourcePackageName" : "linux",
  "sourcePackageVersion" : "6.6.78-0gl0~bp1592",
  "gardenlinuxVersion" : "1592.6",
  "cvePublishedDate" : "2025-03-12T10:15:19.520",
  "cveLastModifiedDate" : "2025-03-13T21:13:34.190",
  "cveLastIngestedDate" : "2025-03-13 21:13:34.19+00",
  "baseScore" : 5.5,
  "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "baseScoreV40" : null,
  "baseScoreV31" : 5.5,
  "baseScoreV30" : null,
  "baseScoreV2" : null,
  "vectorStringV40" : null,
  "vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "vectorStringV30" : null,
  "vectorStringV2" : null,
  "vulnerable" : true
}, {
  "cveId" : "CVE-2024-44953",
  "sourcePackageName" : "linux",
  "sourcePackageVersion" : "6.6.78-0gl0~bp1592",
  "gardenlinuxVersion" : "1592.6",
  "cvePublishedDate" : "2024-09-04T19:15:30.297",
  "cveLastModifiedDate" : "2025-03-07T18:15:40.950",
  "cveLastIngestedDate" : "2025-03-07 18:15:40.95+00",
  "baseScore" : 5.5,
  "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "baseScoreV40" : null,
  "baseScoreV31" : 5.5,
  "baseScoreV30" : null,
  "baseScoreV2" : null,
  "vectorStringV40" : null,
  "vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "vectorStringV30" : null,
  "vectorStringV2" : null,
  "vulnerable" : true
} ]

Get a list of CVEs for packages by distro

This endpoint returns all the CVEs for a list of packages in a specified distro. Note that the package names are comma-separated (this might be changed later). You may or may not need to URL-encode the commas.

$ curl 'https://glvd.ingress.glvd.gardnlinux.shoot.canary.k8s-hana.ondemand.com/v1/cves/1592.4/packages/jinja2%2Cvim' -i -X GET \
    -H 'Accept: application/json'

The expected response looks like this:

HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Mon, 26 May 2025 10:37:01 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 837

[ {
  "cveId" : "CVE-2024-56326",
  "sourcePackageName" : "jinja2",
  "sourcePackageVersion" : "3.1.3-1",
  "gardenlinuxVersion" : "1592.4",
  "cvePublishedDate" : "2024-12-23T16:15:07.590",
  "cveLastModifiedDate" : "2024-12-27T18:15:38.947",
  "cveLastIngestedDate" : "2025-01-13 05:22:16.87863+00",
  "baseScore" : 7.8,
  "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "baseScoreV40" : 5.4,
  "baseScoreV31" : 7.8,
  "baseScoreV30" : null,
  "baseScoreV2" : null,
  "vectorStringV40" : "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
  "vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "vectorStringV30" : null,
  "vectorStringV2" : null,
  "vulnerable" : true
} ]

Get a list of CVEs for packages by distro via PUT

This endpoint returns all the CVEs for a list of packages in a specified distro. Package names are provided in the request body in JSON-encoded form.

$ curl 'https://glvd.ingress.glvd.gardnlinux.shoot.canary.k8s-hana.ondemand.com/v1/cves/1592.4/packages' -i -X PUT \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/json' \
    -d '  {
  "packageNames": [
    "vim",
    "bash",
    "python3",
    "curl",
    "jinja2"
  ]
}'

The expected response looks like this:

HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Mon, 26 May 2025 10:37:03 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 1504

[ {
  "cveId" : "CVE-2024-56326",
  "sourcePackageName" : "jinja2",
  "sourcePackageVersion" : "3.1.3-1",
  "gardenlinuxVersion" : "1592.4",
  "cvePublishedDate" : "2024-12-23T16:15:07.590",
  "cveLastModifiedDate" : "2024-12-27T18:15:38.947",
  "cveLastIngestedDate" : "2025-01-13 05:22:16.87863+00",
  "baseScore" : 7.8,
  "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "baseScoreV40" : 5.4,
  "baseScoreV31" : 7.8,
  "baseScoreV30" : null,
  "baseScoreV2" : null,
  "vectorStringV40" : "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
  "vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "vectorStringV30" : null,
  "vectorStringV2" : null,
  "vulnerable" : true
}, {
  "cveId" : "CVE-2024-11053",
  "sourcePackageName" : "curl",
  "sourcePackageVersion" : "8.11.0-1gl0",
  "gardenlinuxVersion" : "1592.4",
  "cvePublishedDate" : "2024-12-11T08:15:05.307",
  "cveLastModifiedDate" : "2025-01-31T15:15:12.400",
  "cveLastIngestedDate" : "2025-02-04 07:32:48.024849+00",
  "baseScore" : 3.4,
  "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
  "baseScoreV40" : null,
  "baseScoreV31" : 3.4,
  "baseScoreV30" : null,
  "baseScoreV2" : null,
  "vectorStringV40" : null,
  "vectorStringV31" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
  "vectorStringV30" : null,
  "vectorStringV2" : null,
  "vulnerable" : true
} ]

Get List of Packages

Returns the list of packages in a given distribution.

$ curl 'https://glvd.ingress.glvd.gardnlinux.shoot.canary.k8s-hana.ondemand.com/v1/distro/1592.4' -i -X GET \
    -H 'Accept: application/json'

The expected response looks like this:

HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Type: application/json
Transfer-Encoding: chunked
Date: Mon, 26 May 2025 10:37:02 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 1294

[ {
  "sourcePackageName" : "bind9",
  "sourcePackageVersion" : "1:9.20.0-2",
  "gardenlinuxVersion" : "1592.4"
}, {
  "sourcePackageName" : "curl",
  "sourcePackageVersion" : "8.11.0-1gl0",
  "gardenlinuxVersion" : "1592.4"
}, {
  "sourcePackageName" : "dnsmasq",
  "sourcePackageVersion" : "2.90-4",
  "gardenlinuxVersion" : "1592.4"
}, {
  "sourcePackageName" : "golang-github-coreos-go-systemd",
  "sourcePackageVersion" : "22.5.0-1",
  "gardenlinuxVersion" : "1592.4"
}, {
  "sourcePackageName" : "jinja2",
  "sourcePackageVersion" : "3.1.3-1",
  "gardenlinuxVersion" : "1592.4"
}, {
  "sourcePackageName" : "python3.12",
  "sourcePackageVersion" : "3.12.7-1gl1~bp1592",
  "gardenlinuxVersion" : "1592.4"
}, {
  "sourcePackageName" : "python-systemd",
  "sourcePackageVersion" : "235-1",
  "gardenlinuxVersion" : "1592.4"
}, {
  "sourcePackageName" : "rsync",
  "sourcePackageVersion" : "3.3.0-1",
  "gardenlinuxVersion" : "1592.4"
}, {
  "sourcePackageName" : "systemd",
  "sourcePackageVersion" : "256.4-2gardenlinux0",
  "gardenlinuxVersion" : "1592.4"
}, {
  "sourcePackageName" : "systemd-cron",
  "sourcePackageVersion" : "2.4.0-1",
  "gardenlinuxVersion" : "1592.4"
}, {
  "sourcePackageName" : "unbound",
  "sourcePackageVersion" : "1.20.0-1",
  "gardenlinuxVersion" : "1592.4"
} ]

Get Package With Vulnerabilities

Gives you a list of vulnerabilities for a specific package.

$ curl 'https://glvd.ingress.glvd.gardnlinux.shoot.canary.k8s-hana.ondemand.com/v1/packages/jinja2' -i -X GET \
    -H 'Accept: application/json'

The expected response looks like this:

HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Mon, 26 May 2025 10:37:03 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 1674

[ {
  "cveId" : "CVE-2024-56326",
  "sourcePackageName" : "jinja2",
  "sourcePackageVersion" : "3.1.3-1.1",
  "gardenlinuxVersion" : "today",
  "cvePublishedDate" : "2024-12-23T16:15:07.590",
  "cveLastModifiedDate" : "2024-12-27T18:15:38.947",
  "cveLastIngestedDate" : "2025-01-13 05:22:16.87863+00",
  "baseScore" : 7.8,
  "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "baseScoreV40" : 5.4,
  "baseScoreV31" : 7.8,
  "baseScoreV30" : null,
  "baseScoreV2" : null,
  "vectorStringV40" : "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
  "vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "vectorStringV30" : null,
  "vectorStringV2" : null,
  "vulnerable" : true
}, {
  "cveId" : "CVE-2024-56326",
  "sourcePackageName" : "jinja2",
  "sourcePackageVersion" : "3.1.3-1.1",
  "gardenlinuxVersion" : "today",
  "cvePublishedDate" : "2024-12-23T16:15:07.590",
  "cveLastModifiedDate" : "2024-12-27T18:15:38.947",
  "cveLastIngestedDate" : "2025-01-13 05:22:16.87863+00",
  "baseScore" : 7.8,
  "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "baseScoreV40" : 5.4,
  "baseScoreV31" : 7.8,
  "baseScoreV30" : null,
  "baseScoreV2" : null,
  "vectorStringV40" : "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
  "vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "vectorStringV30" : null,
  "vectorStringV2" : null,
  "vulnerable" : true
} ]

Get Package With Vulnerabilities by Version

Gives you a list of vulnerabilities for a specific package with the specified version.

$ curl 'https://glvd.ingress.glvd.gardnlinux.shoot.canary.k8s-hana.ondemand.com/v1/packages/jinja2/3.1.3-1' -i -X GET \
    -H 'Accept: application/json'

The expected response looks like this:

HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Type: application/json
Transfer-Encoding: chunked
Date: Mon, 26 May 2025 10:37:02 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 837

[ {
  "cveId" : "CVE-2024-56326",
  "sourcePackageName" : "jinja2",
  "sourcePackageVersion" : "3.1.3-1",
  "gardenlinuxVersion" : "1592.4",
  "cvePublishedDate" : "2024-12-23T16:15:07.590",
  "cveLastModifiedDate" : "2024-12-27T18:15:38.947",
  "cveLastIngestedDate" : "2025-01-13 05:22:16.87863+00",
  "baseScore" : 7.8,
  "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "baseScoreV40" : 5.4,
  "baseScoreV31" : 7.8,
  "baseScoreV30" : null,
  "baseScoreV2" : null,
  "vectorStringV40" : "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
  "vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "vectorStringV30" : null,
  "vectorStringV2" : null,
  "vulnerable" : true
} ]

Get Packages By Vulnerabilities

Gives a list of packages affected by a given vulnerability.

$ curl 'https://glvd.ingress.glvd.gardnlinux.shoot.canary.k8s-hana.ondemand.com/v1/distro/1592.4/CVE-2024-56326' -i -X GET \
    -H 'Accept: application/json'

The expected response looks like this:

HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Mon, 26 May 2025 10:37:01 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 837

[ {
  "cveId" : "CVE-2024-56326",
  "sourcePackageName" : "jinja2",
  "sourcePackageVersion" : "3.1.3-1",
  "gardenlinuxVersion" : "1592.4",
  "cvePublishedDate" : "2024-12-23T16:15:07.590",
  "cveLastModifiedDate" : "2024-12-27T18:15:38.947",
  "cveLastIngestedDate" : "2025-01-13 05:22:16.87863+00",
  "baseScore" : 7.8,
  "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "baseScoreV40" : 5.4,
  "baseScoreV31" : 7.8,
  "baseScoreV30" : null,
  "baseScoreV2" : null,
  "vectorStringV40" : "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
  "vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "vectorStringV30" : null,
  "vectorStringV2" : null,
  "vulnerable" : true
} ]

Get CVE Details with Contexts

Gives information on a CVE by CVE ID.

$ curl 'https://glvd.ingress.glvd.gardnlinux.shoot.canary.k8s-hana.ondemand.com/v1/cveDetails/CVE-2023-50387' -i -X GET \
    -H 'Accept: application/json'

The expected response looks like this:

HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Mon, 26 May 2025 10:37:02 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 2289

{
  "details" : {
    "cveId" : "CVE-2023-50387",
    "vulnStatus" : "\"Modified\"",
    "description" : "\"Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \\\"KeyTrap\\\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.\"",
    "cvePublishedDate" : "\"2024-02-14T16:15:45.300\"",
    "cveModifiedDate" : "\"2024-11-21T08:36:56.937\"",
    "cveIngestedDate" : "2024-11-21 08:36:56.937+00",
    "kernelLtsVersion" : null,
    "kernelFixedVersion" : null,
    "kernelIsFixed" : null,
    "kernelIsRelevantSubsystem" : null,
    "distro" : [ "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux" ],
    "distroVersion" : [ "today", "today", "today", "today", "1592.4", "1592.4", "1592.4", "1592.4", "1592.5", "1592.5", "1592.5" ],
    "isVulnerable" : [ false, false, false, false, false, false, false, false, false, false, false ],
    "sourcePackageName" : [ "bind9", "dnsmasq", "systemd", "unbound", "bind9", "dnsmasq", "systemd", "unbound", "dnsmasq", "systemd", "unbound" ],
    "sourcePackageVersion" : [ "1:9.19.24-2gl0", "2.90-5", "256.8-0gl0", "1.22.0-1", "1:9.20.0-2", "2.90-4", "256.4-2gardenlinux0", "1.20.0-1", "2.90-4", "256.4-2gardenlinux0", "1.20.0-1" ],
    "versionFixed" : [ "1:9.19.21-1", "2.90-1", "255.4-1", "1.19.1-1", "1:9.19.21-1", "2.90-1", "255.4-1", "1.19.1-1", "2.90-1", "255.4-1", "1.19.1-1" ],
    "baseScoreV40" : null,
    "baseScoreV31" : 7.5,
    "baseScoreV30" : null,
    "baseScoreV2" : null,
    "vectorStringV40" : null,
    "vectorStringV31" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "vectorStringV30" : null,
    "vectorStringV2" : null
  },
  "contexts" : [ {
    "id" : 1,
    "cveId" : "CVE-2023-50387",
    "distId" : 14,
    "createDate" : "2024-12-06 11:25:25.922465+00",
    "contextDescriptor" : "dummy",
    "scoreOverride" : null,
    "description" : "automated dummy data",
    "resolved" : true
  } ]
}

Linux Kernel CVEs

For CVEs that match the Linux kernel, the structure of the response is different. This is because, unlike for other CVEs, we can’t take the data from the Debian Security Tracker. Instead, we ingest data from the upstream kernel developers for the LTS kernel versions available in Garden Linux.

$ curl 'https://glvd.ingress.glvd.gardnlinux.shoot.canary.k8s-hana.ondemand.com/v1/cveDetails/CVE-2025-21864' -i -X GET \
    -H 'Accept: application/json'

The expected response looks like this:

HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Mon, 26 May 2025 10:37:03 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 3059

{
  "details" : {
    "cveId" : "CVE-2025-21864",
    "vulnStatus" : "\"Analyzed\"",
    "description" : "\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntcp: drop secpath at the same time as we currently drop dst\\n\\nXiumei reported hitting the WARN in xfrm6_tunnel_net_exit while\\nrunning tests that boil down to:\\n - create a pair of netns\\n - run a basic TCP test over ipcomp6\\n - delete the pair of netns\\n\\nThe xfrm_state found on spi_byaddr was not deleted at the time we\\ndelete the netns, because we still have a reference on it. This\\nlingering reference comes from a secpath (which holds a ref on the\\nxfrm_state), which is still attached to an skb. This skb is not\\nleaked, it ends up on sk_receive_queue and then gets defer-free'd by\\nskb_attempt_defer_free.\\n\\nThe problem happens when we defer freeing an skb (push it on one CPU's\\ndefer_list), and don't flush that list before the netns is deleted. In\\nthat case, we still have a reference on the xfrm_state that we don't\\nexpect at this point.\\n\\nWe already drop the skb's dst in the TCP receive path when it's no\\nlonger needed, so let's also drop the secpath. At this point,\\ntcp_filter has already called into the LSM hooks that may require the\\nsecpath, so it should not be needed anymore. However, in some of those\\nplaces, the MPTCP extension has just been attached to the skb, so we\\ncannot simply drop all extensions.\"",
    "cvePublishedDate" : "\"2025-03-12T10:15:19.520\"",
    "cveModifiedDate" : "\"2025-03-13T21:13:34.190\"",
    "cveIngestedDate" : "2025-03-13 21:13:34.19+00",
    "kernelLtsVersion" : [ "6.6", "6.12" ],
    "kernelFixedVersion" : [ "6.6.80", "6.12.17" ],
    "kernelIsFixed" : [ true, true ],
    "kernelIsRelevantSubsystem" : [ true, true ],
    "distro" : [ "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux", "gardenlinux" ],
    "distroVersion" : [ "today", "1592.4", "1592.5", "1592.6", "1592.7", "1443.18", "1443.19", "1592.8" ],
    "isVulnerable" : [ false, true, true, true, false, false, false, false ],
    "sourcePackageName" : [ "linux", "linux", "linux", "linux", "linux", "linux", "linux", "linux" ],
    "sourcePackageVersion" : [ "6.12.23-1gl0", "6.6.63-0gl0~bp1592", "6.6.71-0gl0~bp1592", "6.6.78-0gl0~bp1592", "6.6.83-0gl0~bp1592", "6.6.80-0gl0~bp1443", "6.6.83-0gl0~bp1443", "6.6.84-0gl0~bp1592" ],
    "versionFixed" : [ "6.6.80", "6.12.17" ],
    "baseScoreV40" : null,
    "baseScoreV31" : 5.5,
    "baseScoreV30" : null,
    "baseScoreV2" : null,
    "vectorStringV40" : null,
    "vectorStringV31" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "vectorStringV30" : null,
    "vectorStringV2" : null
  },
  "contexts" : [ {
    "id" : 3,
    "cveId" : "CVE-2025-21864",
    "distId" : 16,
    "createDate" : "2024-12-06 11:25:25.922465+00",
    "contextDescriptor" : "UNIT_TEST",
    "scoreOverride" : null,
    "description" : "Unit test for https://github.com/gardenlinux/glvd/issues/122",
    "resolved" : false
  } ]
}
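
The two cveDetails responses above return parallel arrays, and in the kernel case versionFixed has one entry per LTS series rather than one per release. The following is an added example, not part of the GLVD project, that flattens the arrays into one record per release. It assumes, from the sample responses only, that kernelFixedVersion lines up with kernelLtsVersion and that the LTS series is the major.minor prefix of sourcePackageVersion; the function names are hypothetical.

```python
import json

# Constructed sample: a trimmed copy of the kernel response shown above.
SAMPLE = r'''
{ "details" : {
    "cveId" : "CVE-2025-21864",
    "vulnStatus" : "\"Analyzed\"",
    "kernelLtsVersion" : [ "6.6", "6.12" ],
    "kernelFixedVersion" : [ "6.6.80", "6.12.17" ],
    "distroVersion" : [ "today", "1592.4", "1592.7" ],
    "isVulnerable" : [ false, true, false ],
    "sourcePackageName" : [ "linux", "linux", "linux" ],
    "sourcePackageVersion" : [ "6.12.23-1gl0", "6.6.63-0gl0~bp1592", "6.6.83-0gl0~bp1592" ],
    "versionFixed" : [ "6.6.80", "6.12.17" ]
} }
'''


def unwrap(value):
    """Decode string fields that arrive JSON-encoded a second time."""
    if isinstance(value, str) and len(value) >= 2 and value[0] == value[-1] == '"':
        try:
            return json.loads(value)
        except json.JSONDecodeError:
            pass
    return value


def lts_series(package_version):
    """'6.6.63-0gl0~bp1592' -> '6.6' (upstream major.minor)."""
    upstream = package_version.split("-", 1)[0]
    return ".".join(upstream.split(".")[:2])


def rows(details):
    """Turn the parallel arrays into one dict per (release, package) pair."""
    names = details["sourcePackageName"]
    releases = details["distroVersion"]
    flags = details["isVulnerable"]
    versions = details["sourcePackageVersion"]
    if not len(names) == len(releases) == len(flags) == len(versions):
        raise ValueError("per-release arrays differ in length")

    lts = details.get("kernelLtsVersion")
    if lts:
        # Kernel CVE: fixed versions are listed once per LTS series (assumption).
        by_series = dict(zip(lts, details["kernelFixedVersion"]))
        fixed = [by_series.get(lts_series(v)) for v in versions]
    else:
        # Other CVEs: versionFixed is one more per-release column.
        fixed = details["versionFixed"]
        if len(fixed) != len(names):
            raise ValueError("versionFixed does not match the per-release arrays")

    keys = ("release", "package", "version", "vulnerable", "fixed_in")
    return [dict(zip(keys, r)) for r in zip(releases, names, versions, flags, fixed)]


def vulnerable_releases(details):
    """Releases the API reports as still vulnerable."""
    return [r["release"] for r in rows(details) if r["vulnerable"]]


if __name__ == "__main__":
    details = json.loads(SAMPLE)["details"]
    print(unwrap(details["vulnStatus"]), vulnerable_releases(details))
    for row in rows(details):
        print(row)
```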

Get Patch Release Notes Information

Get information about fixed security vulnerabilities in a new patch release.

$ curl 'https://glvd.ingress.glvd.gardnlinux.shoot.canary.k8s-hana.ondemand.com/v1/patchReleaseNotes/1592.5' -i -X GET \
    -H 'Accept: application/json'

The expected response looks like this:

HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Type: application/json
Transfer-Encoding: chunked
Date: Mon, 26 May 2025 10:37:02 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 698

{
  "version" : "1592.5",
  "packageList" : [ {
    "sourcePackageName" : "jinja2",
    "oldVersion" : "3.1.3-1",
    "newVersion" : "3.1.5-1gl0",
    "fixedCves" : [ "CVE-2024-56326" ]
  }, {
    "sourcePackageName" : "rsync",
    "oldVersion" : "3.3.0-1",
    "newVersion" : "3.3.0+ds1-4gl0~bp1592",
    "fixedCves" : [ "CVE-2024-12085", "CVE-2024-12086" ]
  }, {
    "sourcePackageName" : "curl",
    "oldVersion" : "8.11.0-1gl0",
    "newVersion" : "8.11.1-1gl0",
    "fixedCves" : [ "CVE-2024-11053" ]
  }, {
    "sourcePackageName" : "python3.12",
    "oldVersion" : "3.12.7-1gl1~bp1592",
    "newVersion" : "3.12.8-5gl0~bp1592",
    "fixedCves" : [ "CVE-2024-9287", "CVE-2025-0938" ]
  } ]
}
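
The patch release notes can be joined against a CVE list for the release currently deployed to see which open findings an upgrade clears. The following is an added example, not part of the GLVD project; upgrade_impact is a hypothetical helper, and the inputs are constructed from the sample responses on this page plus one placeholder finding.

```python
import json

# Constructed samples: trimmed from the 1592.4 CVE list and the 1592.5 release
# notes shown on this page, plus one made-up finding (placeholder CVE id).
FINDINGS = json.loads("""[
 {"cveId": "CVE-2024-56326", "sourcePackageName": "jinja2",
  "sourcePackageVersion": "3.1.3-1", "baseScore": 7.8, "vulnerable": true},
 {"cveId": "CVE-2024-11053", "sourcePackageName": "curl",
  "sourcePackageVersion": "8.11.0-1gl0", "baseScore": 3.4, "vulnerable": true},
 {"cveId": "CVE-0000-00000", "sourcePackageName": "vim",
  "sourcePackageVersion": "0.0-placeholder", "baseScore": 5.0, "vulnerable": true}
]""")
NOTES = json.loads("""{
 "version": "1592.5",
 "packageList": [
  {"sourcePackageName": "jinja2", "oldVersion": "3.1.3-1",
   "newVersion": "3.1.5-1gl0", "fixedCves": ["CVE-2024-56326"]},
  {"sourcePackageName": "curl", "oldVersion": "8.11.0-1gl0",
   "newVersion": "8.11.1-1gl0", "fixedCves": ["CVE-2024-11053"]}
 ]}""")


def upgrade_impact(findings, notes):
    """Split findings into those the patch release fixes and those it leaves open.

    Returns (resolved, remaining, mismatched). A finding is 'mismatched' when the
    notes list its CVE as fixed but for a different installed package version, so
    the notes do not describe the system the findings came from.
    """
    fixes = {}
    for pkg in notes["packageList"]:
        for cve in pkg["fixedCves"]:
            fixes[(pkg["sourcePackageName"], cve)] = pkg

    resolved, remaining, mismatched = [], [], []
    for f in findings:
        if not f["vulnerable"]:
            continue
        pkg = fixes.get((f["sourcePackageName"], f["cveId"]))
        if pkg is None:
            remaining.append(f)
        elif pkg["oldVersion"] != f["sourcePackageVersion"]:
            mismatched.append(f)
        else:
            resolved.append((f["cveId"], f["sourcePackageName"], pkg["newVersion"]))

    # Highest score first; a null baseScore sorts last.
    remaining.sort(key=lambda f: f.get("baseScore") or 0.0, reverse=True)
    return resolved, remaining, mismatched


if __name__ == "__main__":
    resolved, remaining, mismatched = upgrade_impact(FINDINGS, NOTES)
    print("fixed by", NOTES["version"], resolved)
    print("still open", [f["cveId"] for f in remaining])
    print("version mismatch", [f["cveId"] for f in mismatched])
```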

Triages for a Garden Linux Release

Get information about triaged security vulnerabilities in a Garden Linux release.

$ curl 'https://glvd.ingress.glvd.gardnlinux.shoot.canary.k8s-hana.ondemand.com/v1/triage/1592.9' -i -X GET \
    -H 'Accept: application/json'

The expected response looks like this:

HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Type: application/json
Transfer-Encoding: chunked
Date: Mon, 26 May 2025 10:37:02 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 562

[ {
  "id" : 7,
  "cveId" : "CVE-2005-2541",
  "distId" : 23,
  "createDate" : "2024-12-06 11:25:25.922465+00",
  "contextDescriptor" : "UNIT_TEST",
  "scoreOverride" : null,
  "description" : "Unit test for https://github.com/gardenlinux/glvd/issues/155",
  "resolved" : true
}, {
  "id" : 8,
  "cveId" : "CVE-2019-1010022",
  "distId" : 23,
  "createDate" : "2024-12-06 11:25:25.922465+00",
  "contextDescriptor" : "UNIT_TEST",
  "scoreOverride" : null,
  "description" : "Unit test for https://github.com/gardenlinux/glvd/issues/155",
  "resolved" : false
} ]