Skip to content

Products API

GET /vendors/<string:vendor>/products

List the products associated to a vendor.

Parameters:

  • search (optional): filter by keyword
  • page (optional, default: 1): the page to start

Example request:

GET /api/vendors/wordpress/products HTTP/1.1
Host: example.com
Accept: application/json

Example response:

HTTP/1.1 200 OK
[
  ...
  {
    "name": "wordpress_mu",
    "human_name": "Wordpress Mu"
  },
  ...
]

GET /vendors/<string:vendor>/products/<string:product>

Get a specific product of a vendor.

Example request:

GET /api/vendors/wordpress/products/wordpress_mu HTTP/1.1
Host: example.com
Accept: application/json

Example response:

HTTP/1.1 200 OK
{
  "name": "wordpress_mu",
  "human_name": "Wordpress Mu"
}

GET /vendors/<string:vendor>/products/<string:product>/cve

Get the list of CVEs associated to a product.

Parameters:

  • search (optional): filter by keyword in summary
  • cvss (optional): filter by CVSS (one of none, low, medium, high, critical)
  • cwe (optional): filter by CWE
  • page (optional, default: 1): the page to start

Example request:

GET /api/vendors/wordpress/products/wordpress_mu/cve HTTP/1.1
Host: example.com
Accept: application/json

Example response:

HTTP/1.1 200 OK
[
  ...
  {
    "id": "CVE-2009-2335",
    "summary": "WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.  NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for \"user convenience.\"",
    "created_at": "2009-07-10T21:00:00Z",
    "updated_at": "2018-11-08T20:38:00Z"
  },
  ...
]