CWEs API
GET /cwe
List the CWEs.
Parameters:
search
(optional): filter by keywordpage
(optional, default: 1): the page to start
Example request:
GET /api/cwe HTTP/1.1
Host: example.com
Accept: application/json
Example response:
HTTP/1.1 200 OK
[
...
{
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."
},
...
]
GET /cwe/<string:id>
Get a specific CWE.
Example request:
GET /api/cwe/CWE-79 HTTP/1.1
Host: example.com
Accept: application/json
Example response:
HTTP/1.1 200 OK
{
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."
}
GET /cwe/<string:id>/cve
Get the list of CVEs associated to a CWE.
Parameters:
search
(optional): filter by keyword in summaryvendor
(optional): filter by vendor nameproduct
(optional): filter by product name (impliesvendor
parameter)cvss
(optional): filter by CVSS (one ofnone
,low
,medium
,high
,critical
)page
(optional, default: 1): the page to start
Example request:
GET /api/cwe/CWE-79/cve HTTP/1.1
Host: example.com
Accept: application/json
Example response:
HTTP/1.1 200 OK
[
...
{
"id": "CVE-2020-6816",
"summary": "In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False.",
"created_at": "2020-03-24T22:15:00Z",
"updated_at": "2021-03-30T23:15:00Z"
},
...
]