CWEs API

GET /cwe

List the CWEs.

Parameters:

  • search (optional): filter by keyword
  • page (optional, default: 1): the page to start from

Example request:

GET /api/cwe HTTP/1.1
Host: example.com
Accept: application/json

Example response:

HTTP/1.1 200 OK
[
  ...
  {
    "id": "CWE-79",
    "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."
  },
  ...
]

GET /cwe/<string:id>

Get a specific CWE.

Example request:

GET /api/cwe/CWE-79 HTTP/1.1
Host: example.com
Accept: application/json

Example response:

HTTP/1.1 200 OK
{
  "id": "CWE-79",
  "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
  "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."
}

GET /cwe/<string:id>/cve

Get the list of CVEs associated with a CWE.

Parameters:

  • search (optional): filter by keyword in summary
  • vendor (optional): filter by vendor name
  • product (optional): filter by product name (implies vendor parameter)
  • cvss (optional): filter by CVSS (one of none, low, medium, high, critical)
  • page (optional, default: 1): the page to start from

Example request:

GET /api/cwe/CWE-79/cve HTTP/1.1
Host: example.com
Accept: application/json

Example response:

HTTP/1.1 200 OK
[
  ...
  {
    "id": "CVE-2020-6816",
    "summary": "In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False.",
    "created_at": "2020-03-24T22:15:00Z",
    "updated_at": "2021-03-30T23:15:00Z"
  },
  ...
]
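
A client-side sketch for the GET /cwe/<string:id>/cve endpoint above, added here as an example and not taken from the project's own code. It validates the documented parameters before building the request URL and parses the timestamps in the response. The function names, the CWE id pattern and the reading of "implies vendor parameter" as "product needs vendor" are assumptions; the base URL comes from the example requests.

```python
import json
import re
from datetime import datetime
from urllib.parse import urlencode

API_BASE = "https://example.com/api"  # host and /api prefix from the example requests
CVSS_LEVELS = {"none", "low", "medium", "high", "critical"}  # values listed for `cvss`
CWE_ID = re.compile(r"CWE-\d+")  # assumption: ids always look like "CWE-79"


def cwe_cve_url(cwe_id, search=None, vendor=None, product=None, cvss=None, page=1):
    """Build the URL for GET /cwe/<id>/cve, rejecting undocumented values."""
    if not CWE_ID.fullmatch(cwe_id):
        # Keeps '/', '?', '#' and '..' out of the path segment.
        raise ValueError(f"not a CWE id: {cwe_id!r}")
    if cvss is not None and cvss not in CVSS_LEVELS:
        raise ValueError(f"cvss must be one of {sorted(CVSS_LEVELS)}")
    if product is not None and vendor is None:
        # Assumed reading of "implies vendor parameter".
        raise ValueError("product filter needs the vendor parameter")
    if type(page) is not int or page < 1:
        raise ValueError("page must be an integer >= 1")
    params = {"search": search, "vendor": vendor, "product": product,
              "cvss": cvss, "page": page}
    # urlencode percent-encodes each value, so filters cannot add extra parameters.
    query = urlencode({k: v for k, v in params.items() if v is not None})
    return f"{API_BASE}/cwe/{cwe_id}/cve?{query}"


def parse_cves(body):
    """Return (id, created_at, updated_at) tuples with timezone-aware datetimes."""
    fmt = "%Y-%m-%dT%H:%M:%S%z"  # matches "2020-03-24T22:15:00Z"
    return [(item["id"],
             datetime.strptime(item["created_at"], fmt),
             datetime.strptime(item["updated_at"], fmt))
            for item in json.loads(body)]


# Constructed sample body: the single entry shown in the example response above,
# with the summary shortened and the "..." placeholders dropped.
SAMPLE_BODY = """[
  {"id": "CVE-2020-6816",
   "summary": "In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean ...",
   "created_at": "2020-03-24T22:15:00Z",
   "updated_at": "2021-03-30T23:15:00Z"}
]"""

if __name__ == "__main__":
    print(cwe_cve_url("CWE-79", cvss="high"))
    print(parse_cves(SAMPLE_BODY))
```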