Skip to content

CVEs API

GET /cve

List the CVEs.

Parameters:

  • search (optional): filter by keyword in CVE ID or Description
  • vendor (optional): filter by vendor name
  • product (optional): filter by product name (implies vendor parameter)
  • weakness (optional): filter by weakness name
  • cvss (optional): filter by CVSS3.1 (one of empty, low, medium, high, critical)
  • tag (optional): filter by user tag
  • page (optional, default: 1): the page to start

Example request:

GET /api/cve?vendor=microsoft HTTP/1.1
Host: app.opencve.io
Accept: application/json

Example response:

HTTP/1.1 200 OK

{
  "count": 20140,
  "next": "https://app.opencve.io/api/cve?page=2&vendor=microsoft",
  "previous": null,
  "results": [
    {
      "created_at": "2024-10-23T01:09:30.580000Z",
      "updated_at": "2024-11-06T20:39:55.200000Z",
      "cve_id": "CVE-2024-31880",
      "description": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user."
    },
    ...
  ]
}

GET /cve/<id>

Get the details of a specific CVE.

Example request:

GET /api/cve/CVE-2024-31880 HTTP/1.1
Host: app.opencve.io
Accept: application/json

Example response:

HTTP/1.1 200 OK

{
  "created_at": "2024-10-23T01:09:30.580000Z",
  "updated_at": "2024-11-06T20:39:55.200000Z",
  "cve_id": "CVE-2024-31880",
  "title": "IBM Db2 denial of service",
  "description": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.",
  "metrics": {
    "kev": {
      "data": {},
      "provider": null
    },
    "ssvc": {
      "data": {
        "options": {
          "Automatable": "no",
          "Exploitation": "none",
          "Technical Impact": "partial"
        },
        "version": "2.0.3"
      },
      "provider": "vulnrichment"
    },
    "cvssV2_0": {
      "data": {},
      "provider": null
    },
    "cvssV3_0": {
      "data": {},
      "provider": null
    },
    "cvssV3_1": {
      "data": {
        "score": 5.3,
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
      },
      "provider": "mitre"
    },
    "cvssV4_0": {
      "data": {},
      "provider": null
    },
    "threat_severity": {
      "data": null,
      "provider": null
    }
  },
  "weaknesses": [
    "CWE-770"
  ],
  "vendors": [
    "ibm",
    "ibm$PRODUCT$db2",
    "linux",
    "linux$PRODUCT$linux_kernel",
    "microsoft",
    "microsoft$PRODUCT$windows",
    "opengroup",
    "opengroup$PRODUCT$unix"
  ]
}