Bulk CVE Lookup
Fetch multiple CVE details in a single request (up to 50 CVEs).
Endpoint
POST /api/v1/cve/batchRequest Body
| Field | Type | Required | Description |
|---|---|---|---|
cves | string[] | Yes | Array of CVE IDs to look up (max 50) |
Alternative Field Name
You can also use ids instead of cves for the array field name.
Response
json
{
"success": true,
"data": {
"CVE-2024-1234": {
"found": true,
"data": {
"id": "CVE-2024-1234",
"description": "A vulnerability in...",
"severity": "HIGH",
"cvss": 8.1,
"published": "2024-01-15T00:00:00Z",
"modified": "2024-01-20T00:00:00Z",
"references": ["https://..."],
"affected": [...]
},
"sourceUrl": "https://cveawg.mitre.org/api/cve/CVE-2024-1234"
},
"CVE-2024-5678": {
"found": false,
"error": "CVE not found"
}
},
"summary": {
"requested": 2,
"found": 1,
"notFound": 1,
"invalidIds": ["not-a-cve"]
},
"timestamp": "2024-01-15T12:00:00.000Z"
}Response Fields
Summary Object
| Field | Type | Description |
|---|---|---|
requested | number | Total CVEs requested |
found | number | CVEs successfully retrieved |
notFound | number | CVEs not found in database |
invalidIds | string[] | Invalid CVE IDs that were skipped (only present if any) |
CVE Result Object
| Field | Type | Description |
|---|---|---|
found | boolean | Whether the CVE was found |
data | object | CVE details (when found) |
sourceUrl | string | Link to source CVE data (when found) |
error | string | Error message (when not found) |
Examples
Basic Request
bash
curl -X POST "https://api.vulnpatch.dev/api/v1/cve/batch" \
-H "Content-Type: application/json" \
-d '{"cves": ["CVE-2024-3094", "CVE-2023-44487", "CVE-2021-44228"]}'Response
json
{
"success": true,
"data": {
"CVE-2024-3094": {
"found": true,
"data": {
"id": "CVE-2024-3094",
"description": "Malicious code was discovered in the upstream tarballs of xz...",
"severity": "CRITICAL",
"cvss": 10.0
},
"sourceUrl": "https://cveawg.mitre.org/api/cve/CVE-2024-3094"
},
"CVE-2023-44487": {
"found": true,
"data": {
"id": "CVE-2023-44487",
"description": "HTTP/2 Rapid Reset Attack...",
"severity": "HIGH",
"cvss": 7.5
},
"sourceUrl": "https://cveawg.mitre.org/api/cve/CVE-2023-44487"
},
"CVE-2021-44228": {
"found": true,
"data": {
"id": "CVE-2021-44228",
"description": "Apache Log4j2 JNDI features...",
"severity": "CRITICAL",
"cvss": 10.0
},
"sourceUrl": "https://cveawg.mitre.org/api/cve/CVE-2021-44228"
}
},
"summary": {
"requested": 3,
"found": 3,
"notFound": 0
},
"timestamp": "2024-01-15T12:00:00.000Z"
}Code Examples
javascript
async function lookupCVEs(cveIds) {
const response = await fetch('https://api.vulnpatch.dev/api/v1/cve/batch', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ cves: cveIds })
});
const { data, summary } = await response.json();
console.log(`Found ${summary.found}/${summary.requested} CVEs`);
for (const [cveId, result] of Object.entries(data)) {
if (result.found) {
console.log(`${cveId}: ${result.data.severity} (CVSS ${result.data.cvss})`);
} else {
console.log(`${cveId}: Not found`);
}
}
return data;
}
// Usage
lookupCVEs(['CVE-2024-3094', 'CVE-2023-44487']);python
import requests
def lookup_cves(cve_ids):
response = requests.post(
'https://api.vulnpatch.dev/api/v1/cve/batch',
json={'cves': cve_ids}
)
result = response.json()
print(f"Found {result['summary']['found']}/{result['summary']['requested']} CVEs")
for cve_id, cve_result in result['data'].items():
if cve_result['found']:
data = cve_result['data']
print(f"{cve_id}: {data.get('severity', 'N/A')} (CVSS {data.get('cvss', 'N/A')})")
else:
print(f"{cve_id}: Not found")
return result['data']
# Usage
lookup_cves(['CVE-2024-3094', 'CVE-2023-44487'])Error Responses
No CVEs Provided
json
{
"success": false,
"error": "Request body must contain a \"cves\" array of CVE IDs",
"example": { "cves": ["CVE-2024-1234", "CVE-2024-5678"] }
}Too Many CVEs
json
{
"success": false,
"error": "Maximum 50 CVEs per batch request",
"requested": 75
}No Valid CVE IDs
json
{
"success": false,
"error": "No valid CVE IDs provided",
"invalidIds": ["invalid-id", "also-invalid"]
}Notes
- CVE IDs are case-insensitive (
cve-2024-1234works) - Invalid CVE IDs are skipped and reported in
summary.invalidIds - Results are keyed by the normalized (uppercase) CVE ID
- This endpoint is more efficient than making individual requests when you need multiple CVEs