ProductsBook A DemoContact Us

CVE API

Endpoint

  • Host: https://api.sec1.io

  • Context: /rest/foss

  • Endpoint: /cve/v1/cve-details

POST /cve/v1/cve-details

Fetches details about CVEs based on the search criteria. By default, it returns the latest 20 CVEs.

Security:

Request Body:

{
  "cveIdList": ["string"],
  "component": "string",
  "ecosystem": ["string"],
  "pageNumber": "string",
  "pageSize": "string",
  "sortBy": "string",
  "sortOrder": "string",
  "fromDate": "YYYY-MM-DD",
  "toDate": "YYYY-MM-DD",
  "severity": ["string"],
  "kev": boolean,
  "zeroDay": boolean
}

Parameters:

  • cveIdList: List of CVE IDs to search for

  • component: Component to search for (e.g., "spring-core 3.0")

  • ecosystem: List of ecosystems to filter by. e.g. maven, linux, npm

  • pageNumber: Page number for pagination (starts from 1)

  • pageSize: Number of results per page (default: 20, max: 100)

  • sortBy: Field to sort by. Allowed fields - publishedDate, lastModifiedDate, cveId, severity. Default: publishedDate

  • sortOrder: Order to sort by (asc or desc). Default: desc

  • fromDate: Start date for the search range e.g. 2024-08-24

  • toDate: End date for the search range e.g. 2024-04-02

  • severity: List of severity levels to filter by e.g. ['critical','high','medium','low']

  • kev: Filter by Known Exploited Vulnerability (KEV) status

  • zeroDay: Filter by zero-day vulnerability status

Notes:

  • At least one of the following search fields must be provided: cveIdList, component, ecosystem, severity, kev, or zeroDay.

  • If cveIdList is provided, all other search criteria will be ignored.

  • The component field allows searching for specific components, e.g., "spring-core 3.0".

  • If no pageSize is specified, the API returns 20 results by default.

  • The maximum allowed pageSize is 100. If a larger value is provided, it will be capped at 100.

Example request:

POST /rest/foss/cve/v1/cve-details HTTP/1.1
Host: api.sec1.io
Content-Type: application/json
sec1-api-key: your_api_key_here
{
  "cveIdList": ["CVE-2022-22965", "CVE-2023-38408"],
  "ecosystem": ["maven"],
  "pageSize": "1",
  "sortBy": "publishedDate",
  "sortOrder": "desc",
  "severity": ["critical", "high"]
}

Example response:

HTTP/1.1 200 OK
Content-Type: application/json
{
  "responseData": [
    {
      "cveId": "CVE-2022-22965",
      "description": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.",
      "publishedDate": "2022-04-01 23:15:00.0",
      "lastModifiedDate": "2023-02-09 02:07:00.0",
      "cvssV3BaseScore": "9.8",
      "cvssV3BaseSeverity": "CRITICAL",
      "cvssV2BaseScore": "7.5",
      "cvssV2BaseSeverity": "HIGH",
      "cveStatus": "PUBLIC",
      "zeroDay": true,
      "epss": "0.974830000",
      "percentile": "0.999730000",
      "epssDate": "2024-06-14",
      "cveTypes": [
        {
          "cweId": "CWE-94",
          "cveType": "Code Injection"
        }
      ],
      "owaspTop10Tags": [
        {
          "id": "A03_2021-Injection",
          "name": "A03:2021 – Injection"
        }
      ],
      "impactedPackages": [
        {
          "packageurl": "pkg:maven/org.springframework/spring-webmvc",
          "ecosystem": "maven",
          "impactedVersions": ["5.3.0", "5.3.1", "5.3.2", "...", "5.3.17"],
          "nonImpactedVersions": ["5.3.18", "5.3.19", "5.3.20", "...", "6.1.12"],
          "recommendedVersion": "5.2.20.RELEASE",
          "affectedRanges": [
            "<5.2.20.RELEASE",
            ">=5.3.0, <5.3.18"
          ]
        }
      ],
      "referenceUrls": {
        "linux-debian": [
          "https://security-tracker.debian.org/tracker/CVE-2022-22965"
        ],
        "linux-redhat": [
          "https://access.redhat.com/security/cve/CVE-2022-22965"
        ]
      }
    }
  ],
  "errorMessage": "",
  "cveCount": 1
}

Error Handling

HTTP Status Codes:

  • 200 OK: The request was processed successfully. This includes cases where the request was valid but no results were found, or when there are validation errors in the search criteria.

  • 401 Unauthorized: The API key is invalid or not provided.

  • 500 Internal Server Error: Unexpected server-side errors.

Error Messages: For requests that return a 200 status code, error messages may be included in the response body under the errorMessage field. Some possible error messages include:

"At least one of the search fields must be provided from 'cveIdList, ecosystem, component, severity, kev, zeroDay'. Please update your search criteria."
"From date is greater than last 100 days. API only supports from date less than last 100 days. Update your search query."
"There is some data which is older than last 100 days."

Example error response (200 OK with error message):

{
  "searchType": "COMPONENT",
  "responseData": [],
  "ecosystemFilterList": [],
  "errorMessage": "At least one of the search fields must be provided from 'cveIdList, ecosystem, component, severity, kev, zeroDay'. Please update your search criteria.",
  "cveCount": 0
}

Example 401 Unauthorized response:

HTTP/1.1 401 Unauthorized
Content-Type: application/json

{
  "errorMessage": "Invalid or missing API key"
}

Notes on API Usage

  • If cveIdList is provided, all other search criteria will be ignored.

  • Ensure that at least one of the required search fields (cveIdList, ecosystem, component, severity, kev, zeroDay) is provided in each request.

  • When specifying dates, ensure that the fromDate is not more than 100 days in the past.

  • The API key must be included in the sec1-api-key header for all requests. Requests without a valid API key will receive a 401 Unauthorized response.

  • If you receive an error message about data being older than last 100 days, consider adjusting your date range or consulting the API provider for access to historical data.

PreviousPricing & Billing

Last updated