Improvements & fixes coming to the "List issues for a package" APIs 🔧

We're pleased to announce that on Friday, July 11th, 2025 we will be introducing several improvements to the "List issues for a package" APIs.

This release will reduce request latency and improve the timeliness of newly published advisories being returned by the API.

In addition, this release will address several bugs listed below, which may result in changes to the number of vulnerabilities returned for some packages:

• Currently the API responds with all vulnerabilities about a package in Linux ecosystems (apk, deb and rpm). The fix reduces those down to only the vulnerabilities affecting the specified version.

• Requests for npm purls that contain an @ symbol in the namespace currently cause a 400 Bad Request. This change properly parses these purls and instead correctly returns a 200 OK with the expected vulnerabilities.

• When there is no remedy, the remedies array will now be empty.

• The problems array is now consistently sorted by each objects id.
  

Please reach out if you have any questions.