CVE API

Endpoint

  • Host: https://api.sec1.io

  • Context: /rest/foss

  • Endpoint: /cve/v1/cve-details

POST /cve/v1/cve-details

Fetches details about CVEs based on the search criteria. By default, it returns the latest 20 CVEs.

Security:

Request Body:

{
  "cveIdList": ["string"],
  "component": "string",
  "ecosystem": ["string"],
  "pageNumber": "string",
  "pageSize": "string",
  "sortBy": "string",
  "sortOrder": "string",
  "fromDate": "YYYY-MM-DD",
  "toDate": "YYYY-MM-DD",
  "severity": ["string"],
  "kev": boolean,
  "zeroDay": boolean
}

Parameters:

  • cveIdList: List of CVE IDs to search for

  • component: Component to search for (e.g., "spring-core 3.0")

  • ecosystem: List of ecosystems to filter by, e.g. maven, linux, npm

  • pageNumber: Page number for pagination (starts from 1)

  • pageSize: Number of results per page (default: 20, max: 100)

  • sortBy: Field to sort by. Allowed fields - publishedDate, lastModifiedDate, cveId, severity. Default: publishedDate

  • sortOrder: Order to sort by (asc or desc). Default: desc

  • fromDate: Start date for the search range e.g. 2024-08-24

  • toDate: End date for the search range e.g. 2024-04-02

  • severity: List of severity levels to filter by e.g. ['critical','high','medium','low']

  • kev: Filter by Known Exploited Vulnerability (KEV) status

  • zeroDay: Filter by zero-day vulnerability status

Notes:

  • At least one of the following search fields must be provided: cveIdList, component, ecosystem, severity, kev, or zeroDay.

  • If cveIdList is provided, all other search criteria will be ignored.

  • The component field allows searching for specific components, e.g., "spring-core 3.0".

  • If no pageSize is specified, the API returns 20 results by default.

  • The maximum allowed pageSize is 100. If a larger value is provided, it will be capped at 100.

Example request:

Example response:

Error Handling

HTTP Status Codes:

  • 200 OK: The request was processed successfully. This includes cases where the request was valid but no results were found, or when there are validation errors in the search criteria.

  • 401 Unauthorized: The API key is invalid or not provided.

  • 500 Internal Server Error: Unexpected server-side errors.

Error Messages: For requests that return a 200 status code, error messages may be included in the response body under the errorMessage field. Some possible error messages include:

Example error response (200 OK with error message):

Example 401 Unauthorized response:

Notes on API Usage

  • Ensure that at least one of the required search fields (cveIdList, ecosystem, component, severity, kev, zeroDay) is provided in each request.

  • When specifying dates, ensure that the fromDate is not more than 100 days in the past.

  • The API key must be included in the sec1-api-key header for all requests. Requests without a valid API key will receive a 401 Unauthorized response.

  • If you receive an error message about data being older than the last 100 days, consider adjusting your date range or consulting the API provider for access to historical data.
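
The rules above (required search fields, the pageSize cap, the 100-day fromDate limit, and errors returned with a 200 status) can be enforced in the client. The following is an added example, not code from the API provider; it assumes the full URL is the Host, Context and Endpoint values joined together and that a JSON Content-Type header is accepted, and the function names are hypothetical.

```python
import json
import urllib.error
import urllib.request
from datetime import date, timedelta

# Assumption: full URL = Host + Context + Endpoint as listed on this page.
URL = "https://api.sec1.io/rest/foss/cve/v1/cve-details"
SEARCH_FIELDS = ("cveIdList", "component", "ecosystem", "severity", "kev", "zeroDay")

def build_payload(today=None, **criteria):
    """Apply the documented request rules client-side before sending."""
    body = {k: v for k, v in criteria.items() if v is not None}
    if not any(f in body for f in SEARCH_FIELDS):
        raise ValueError("provide at least one of: " + ", ".join(SEARCH_FIELDS))
    if "cveIdList" in body:
        # The server ignores other search criteria; drop them so the request
        # shows what is actually applied.
        for field in SEARCH_FIELDS[1:]:
            body.pop(field, None)
    oldest = (today or date.today()) - timedelta(days=100)
    if "fromDate" in body and date.fromisoformat(body["fromDate"]) < oldest:
        raise ValueError("fromDate is more than 100 days in the past")
    if "pageSize" in body:
        # The schema types pageSize as a string; the server caps it at 100.
        body["pageSize"] = str(min(int(body["pageSize"]), 100))
    return body

def interpret_response(status, raw):
    """Return the parsed body; raise on 401, other non-200, or errorMessage."""
    if status == 401:
        raise PermissionError("401: sec1-api-key header missing or invalid")
    if status != 200:
        raise RuntimeError(f"unexpected HTTP status {status}")
    body = json.loads(raw)
    # A 200 can still carry a validation error in the errorMessage field.
    if isinstance(body, dict) and body.get("errorMessage"):
        raise ValueError(f"API rejected the query: {body['errorMessage']}")
    return body

def search_cves(api_key, **criteria):
    """POST the validated criteria with the sec1-api-key header."""
    req = urllib.request.Request(
        URL, data=json.dumps(build_payload(**criteria)).encode(), method="POST",
        headers={"sec1-api-key": api_key, "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return interpret_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return interpret_response(err.code, err.read())
```

Because a 200 status does not mean the query was accepted, callers that only check the HTTP status would treat a rejected query as an empty result; interpret_response turns that case into an exception.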
