CVE API

PreviousPricing & Billing

Last updated 9 months ago

CVE API

Endpoint

Host: https://api.sec1.io
Context: /rest/foss
Endpoint: /cve/v1/cve-details

POST `/cve/v1/cve-details`

Fetches details about CVEs based on the search criteria. By default, it returns the latest 20 CVEs.

Security:

Requires API key authentication (header: sec1-api-key)

Request Body:

{
  "cveIdList": ["string"],
  "component": "string",
  "ecosystem": ["string"],
  "pageNumber": "string",
  "pageSize": "string",
  "sortBy": "string",
  "sortOrder": "string",
  "fromDate": "YYYY-MM-DD",
  "toDate": "YYYY-MM-DD",
  "severity": ["string"],
  "kev": boolean,
  "zeroDay": boolean
}

Parameters:

cveIdList: List of CVE IDs to search for
component: Component to search for (e.g., "spring-core 3.0")
ecosystem: List of ecosystems to filter by. e.g. maven, linux, npm
pageNumber: Page number for pagination (starts from 1)
pageSize: Number of results per page (default: 20, max: 100)
sortBy: Field to sort by. Allowed fields - publishedDate, lastModifiedDate, cveId, severity. Default: publishedDate
sortOrder: Order to sort by (asc or desc). Default: desc
fromDate: Start date for the search range e.g. 2024-08-24
toDate: End date for the search range e.g. 2024-04-02
severity: List of severity levels to filter by e.g. ['critical','high','medium','low']
kev: Filter by Known Exploited Vulnerability (KEV) status
zeroDay: Filter by zero-day vulnerability status

Notes:

At least one of the following search fields must be provided: cveIdList, component, ecosystem, severity, kev, or zeroDay.
If cveIdList is provided, all other search criteria will be ignored.
The component field allows searching for specific components, e.g., "spring-core 3.0".
If no pageSize is specified, the API returns 20 results by default.
The maximum allowed pageSize is 100. If a larger value is provided, it will be capped at 100.

Example request:

POST /rest/foss/cve/v1/cve-details HTTP/1.1
Host: api.sec1.io
Content-Type: application/json
sec1-api-key: your_api_key_here
{
  "cveIdList": ["CVE-2022-22965", "CVE-2023-38408"],
  "ecosystem": ["maven"],
  "pageSize": "1",
  "sortBy": "publishedDate",
  "sortOrder": "desc",
  "severity": ["critical", "high"]
}

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "responseData": [
    {
      "cveId": "CVE-2022-22965",
      "description": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.",
      "publishedDate": "2022-04-01 23:15:00.0",
      "lastModifiedDate": "2023-02-09 02:07:00.0",
      "cvssV3BaseScore": "9.8",
      "cvssV3BaseSeverity": "CRITICAL",
      "cvssV2BaseScore": "7.5",
      "cvssV2BaseSeverity": "HIGH",
      "cveStatus": "PUBLIC",
      "zeroDay": true,
      "epss": "0.974830000",
      "percentile": "0.999730000",
      "epssDate": "2024-06-14",
      "cveTypes": [
        {
          "cweId": "CWE-94",
          "cveType": "Code Injection"
        }
      ],
      "owaspTop10Tags": [
        {
          "id": "A03_2021-Injection",
          "name": "A03:2021 – Injection"
        }
      ],
      "impactedPackages": [
        {
          "packageurl": "pkg:maven/org.springframework/spring-webmvc",
          "ecosystem": "maven",
          "impactedVersions": ["5.3.0", "5.3.1", "5.3.2", "...", "5.3.17"],
          "nonImpactedVersions": ["5.3.18", "5.3.19", "5.3.20", "...", "6.1.12"],
          "recommendedVersion": "5.2.20.RELEASE",
          "affectedRanges": [
            "<5.2.20.RELEASE",
            ">=5.3.0, <5.3.18"
          ]
        }
      ],
      "referenceUrls": {
        "linux-debian": [
          "https://security-tracker.debian.org/tracker/CVE-2022-22965"
        ],
        "linux-redhat": [
          "https://access.redhat.com/security/cve/CVE-2022-22965"
        ]
      }
    }
  ],
  "errorMessage": "",
  "cveCount": 1
}

Error Handling

HTTP Status Codes:

200 OK: The request was processed successfully. This includes cases where the request was valid but no results were found, or when there are validation errors in the search criteria.
401 Unauthorized: The API key is invalid or not provided.
500 Internal Server Error: Unexpected server-side errors.

Error Messages: For requests that return a 200 status code, error messages may be included in the response body under the errorMessage field. Some possible error messages include:

"At least one of the search fields must be provided from 'cveIdList, ecosystem, component, severity, kev, zeroDay'. Please update your search criteria."
"From date is greater than last 100 days. API only supports from date less than last 100 days. Update your search query."
"There is some data which is older than last 100 days."

Example error response (200 OK with error message):

{
  "searchType": "COMPONENT",
  "responseData": [],
  "ecosystemFilterList": [],
  "errorMessage": "At least one of the search fields must be provided from 'cveIdList, ecosystem, component, severity, kev, zeroDay'. Please update your search criteria.",
  "cveCount": 0
}

Example 401 Unauthorized response:

HTTP/1.1 401 Unauthorized
Content-Type: application/json

{
  "errorMessage": "Invalid or missing API key"
}

Notes on API Usage

If cveIdList is provided, all other search criteria will be ignored.
Ensure that at least one of the required search fields (cveIdList, ecosystem, component, severity, kev, zeroDay) is provided in each request.
When specifying dates, ensure that the fromDate is not more than 100 days in the past.
The API key must be included in the sec1-api-key header for all requests. Requests without a valid API key will receive a 401 Unauthorized response.
If you receive an error message about data being older than last 100 days, consider adjusting your date range or consulting the API provider for access to historical data.

PreviousPricing & Billing

Last updated 9 months ago

Endpoint

Host: https://api.sec1.io
Context: /rest/foss
Endpoint: /cve/v1/cve-details

POST `/cve/v1/cve-details`

Fetches details about CVEs based on the search criteria. By default, it returns the latest 20 CVEs.

Security:

Requires API key authentication (header: sec1-api-key)

Request Body:

{
  "cveIdList": ["string"],
  "component": "string",
  "ecosystem": ["string"],
  "pageNumber": "string",
  "pageSize": "string",
  "sortBy": "string",
  "sortOrder": "string",
  "fromDate": "YYYY-MM-DD",
  "toDate": "YYYY-MM-DD",
  "severity": ["string"],
  "kev": boolean,
  "zeroDay": boolean
}

Parameters:

cveIdList: List of CVE IDs to search for
component: Component to search for (e.g., "spring-core 3.0")
ecosystem: List of ecosystems to filter by. e.g. maven, linux, npm
pageNumber: Page number for pagination (starts from 1)
pageSize: Number of results per page (default: 20, max: 100)
sortBy: Field to sort by. Allowed fields - publishedDate, lastModifiedDate, cveId, severity. Default: publishedDate
sortOrder: Order to sort by (asc or desc). Default: desc
fromDate: Start date for the search range e.g. 2024-08-24
toDate: End date for the search range e.g. 2024-04-02
severity: List of severity levels to filter by e.g. ['critical','high','medium','low']
kev: Filter by Known Exploited Vulnerability (KEV) status
zeroDay: Filter by zero-day vulnerability status

Notes:

At least one of the following search fields must be provided: cveIdList, component, ecosystem, severity, kev, or zeroDay.
If cveIdList is provided, all other search criteria will be ignored.
The component field allows searching for specific components, e.g., "spring-core 3.0".
If no pageSize is specified, the API returns 20 results by default.
The maximum allowed pageSize is 100. If a larger value is provided, it will be capped at 100.

Example request:

POST /rest/foss/cve/v1/cve-details HTTP/1.1
Host: api.sec1.io
Content-Type: application/json
sec1-api-key: your_api_key_here
{
  "cveIdList": ["CVE-2022-22965", "CVE-2023-38408"],
  "ecosystem": ["maven"],
  "pageSize": "1",
  "sortBy": "publishedDate",
  "sortOrder": "desc",
  "severity": ["critical", "high"]
}

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "responseData": [
    {
      "cveId": "CVE-2022-22965",
      "description": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.",
      "publishedDate": "2022-04-01 23:15:00.0",
      "lastModifiedDate": "2023-02-09 02:07:00.0",
      "cvssV3BaseScore": "9.8",
      "cvssV3BaseSeverity": "CRITICAL",
      "cvssV2BaseScore": "7.5",
      "cvssV2BaseSeverity": "HIGH",
      "cveStatus": "PUBLIC",
      "zeroDay": true,
      "epss": "0.974830000",
      "percentile": "0.999730000",
      "epssDate": "2024-06-14",
      "cveTypes": [
        {
          "cweId": "CWE-94",
          "cveType": "Code Injection"
        }
      ],
      "owaspTop10Tags": [
        {
          "id": "A03_2021-Injection",
          "name": "A03:2021 – Injection"
        }
      ],
      "impactedPackages": [
        {
          "packageurl": "pkg:maven/org.springframework/spring-webmvc",
          "ecosystem": "maven",
          "impactedVersions": ["5.3.0", "5.3.1", "5.3.2", "...", "5.3.17"],
          "nonImpactedVersions": ["5.3.18", "5.3.19", "5.3.20", "...", "6.1.12"],
          "recommendedVersion": "5.2.20.RELEASE",
          "affectedRanges": [
            "<5.2.20.RELEASE",
            ">=5.3.0, <5.3.18"
          ]
        }
      ],
      "referenceUrls": {
        "linux-debian": [
          "https://security-tracker.debian.org/tracker/CVE-2022-22965"
        ],
        "linux-redhat": [
          "https://access.redhat.com/security/cve/CVE-2022-22965"
        ]
      }
    }
  ],
  "errorMessage": "",
  "cveCount": 1
}

Error Handling

HTTP Status Codes:

200 OK: The request was processed successfully. This includes cases where the request was valid but no results were found, or when there are validation errors in the search criteria.
401 Unauthorized: The API key is invalid or not provided.
500 Internal Server Error: Unexpected server-side errors.

Error Messages: For requests that return a 200 status code, error messages may be included in the response body under the errorMessage field. Some possible error messages include:

"At least one of the search fields must be provided from 'cveIdList, ecosystem, component, severity, kev, zeroDay'. Please update your search criteria."
"From date is greater than last 100 days. API only supports from date less than last 100 days. Update your search query."
"There is some data which is older than last 100 days."

Example error response (200 OK with error message):

{
  "searchType": "COMPONENT",
  "responseData": [],
  "ecosystemFilterList": [],
  "errorMessage": "At least one of the search fields must be provided from 'cveIdList, ecosystem, component, severity, kev, zeroDay'. Please update your search criteria.",
  "cveCount": 0
}

Example 401 Unauthorized response:

HTTP/1.1 401 Unauthorized
Content-Type: application/json

{
  "errorMessage": "Invalid or missing API key"
}

Notes on API Usage

If cveIdList is provided, all other search criteria will be ignored.
Ensure that at least one of the required search fields (cveIdList, ecosystem, component, severity, kev, zeroDay) is provided in each request.
When specifying dates, ensure that the fromDate is not more than 100 days in the past.
The API key must be included in the sec1-api-key header for all requests. Requests without a valid API key will receive a 401 Unauthorized response.
If you receive an error message about data being older than last 100 days, consider adjusting your date range or consulting the API provider for access to historical data.

Endpoint

POST /cve/v1/cve-details

Error Handling

Notes on API Usage

Endpoint

POST /cve/v1/cve-details

Error Handling

Notes on API Usage

POST `/cve/v1/cve-details`

POST `/cve/v1/cve-details`