CVE Lookup
Fetch detailed information about a single CVE, including data aggregated from multiple authoritative sources and cryptographic integrity hashes.
Endpoint
```
GET /api/v1/cve/:id
```
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| id | string | Yes | CVE identifier (e.g., CVE-2024-3094) |
Response
```json
{
  "success": true,
  "data": {
    "primary": { /* Primary CVE data from CVE List V5 */ },
    "github": { /* GitHub Security Advisory data */ },
    "osv": { /* OSV.dev vulnerability data */ },
    "nixpkgs": { /* Nixpkgs security tracker data */ },
    "sources": {
      "cve_list_v5": { /* Raw MITRE CVE data */ },
      "github": { /* Raw GitHub data */ },
      "osv": { /* Raw OSV data */ }
    },
    "epss": {
      "epss": 0.94532,
      "percentile": 0.99281
    },
    "kev": {
      "vendorProject": "Tukaani Project",
      "product": "xz",
      "vulnerabilityName": "XZ Utils Backdoor",
      "dateAdded": "2024-04-12",
      "dueDate": "2024-04-30",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use.",
      "knownRansomwareCampaignUse": "Unknown"
    }
  },
  "integrity": {
    "sources": {
      "cve_list_v5": "c5e053ab08a4389b18775890d634b90c004f8d73e826cd0372333f6a5e3a721f",
      "github": "688fe5721b123a2a715186589990b0458c45f763f4a6947a0a6b2d5ad573c8c5",
      "osv": "d8d3f9704cab7ba7a6c97ab32d370f1aa875352044b41b27549cee0aa792ab45"
    },
    "primaryHash": "c5e053ab08a4389b18775890d634b90c004f8d73e826cd0372333f6a5e3a721f",
    "fetchedAt": "2024-01-15T12:00:00.000Z"
  },
  "sourceUrl": "https://cveawg.mitre.org/api/cve/CVE-2024-3094",
  "timestamp": "2024-01-15T12:00:00.000Z"
}
```
Response Fields
Data Object
| Field | Type | Description |
|---|---|---|
| primary | object | Primary CVE data from MITRE CVE List V5 |
| github | object | GitHub Security Advisory data (if available) |
| osv | object | OSV.dev vulnerability data (if available) |
| nixpkgs | object | Nixpkgs security tracker data (if available) |
| sources | object | Raw source data for each provider |
| epss | object | EPSS exploit prediction score (if available) |
| kev | object | CISA KEV catalog entry (if actively exploited) |
EPSS Object
Included when EPSS data is available for the CVE. Scores are fetched from cache or live from FIRST.org.
| Field | Type | Description |
|---|---|---|
| epss | number | Probability of exploitation in next 30 days (0-1) |
| percentile | number | Ranking among all scored CVEs (0-1) |
KEV Object
Included when the CVE appears in the CISA Known Exploited Vulnerabilities catalog.
| Field | Type | Description |
|---|---|---|
| vendorProject | string | Vendor or project name |
| product | string | Affected product name |
| vulnerabilityName | string | Vulnerability description |
| dateAdded | string | Date added to KEV catalog |
| dueDate | string | Federal remediation deadline |
| requiredAction | string | Required remediation action |
| knownRansomwareCampaignUse | string | "Known" or "Unknown" |
Integrity Object
The integrity field provides SHA-256 hashes for cryptographic verification of the source data:
| Field | Type | Description |
|---|---|---|
| sources | object | Map of source name to SHA-256 hash |
| primaryHash | string | SHA-256 hash of primary CVE data |
| fetchedAt | string | ISO 8601 timestamp of when data was fetched |
| indexed | object | Stored hash from local index (if available) |
Data Provenance
Use the integrity hashes to verify that CVE data hasn't been modified. Compare hashes across requests to detect updates. Each hash is computed on the raw JSON response from the respective source.
Source Hashes
Each source has a unique hash identifier:
| Source Key | Description |
|---|---|
| cve_list_v5 | Official MITRE CVE List V5 data |
| github | GitHub Security Advisory data |
| osv | OSV.dev vulnerability data |
| nixpkgs | Nixpkgs security tracker data |
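The hashes travel in the same response as the data, so a client gets real assurance only by recording them and comparing later, or by recomputing a hash over bytes it fetched from the upstream source itself. The sketch below is an added example, not code from the API's documentation or project; it shows both checks offline. It assumes each hash is SHA-256 over the exact bytes the source served; the function names and sample data are constructed for illustration.

```python
import hashlib
import hmac
import re

SHA256_HEX = re.compile(r"[0-9a-f]{64}")


def verify_raw(raw: bytes, expected_hex: str) -> bool:
    """Recompute SHA-256 over bytes fetched straight from the upstream source."""
    if not SHA256_HEX.fullmatch(expected_hex):
        raise ValueError("expected value is not a SHA-256 hex digest")
    actual = hashlib.sha256(raw).hexdigest()
    return hmac.compare_digest(actual, expected_hex)


def diff_sources(baseline: dict, current: dict) -> dict:
    """Compare stored integrity.sources hashes with those of a later response."""
    report = {}
    for key in sorted(set(baseline) | set(current)):
        old, new = baseline.get(key), current.get(key)
        for digest in (old, new):
            if digest is not None and not SHA256_HEX.fullmatch(digest):
                raise ValueError(f"malformed hash for source {key!r}")
        if old is None:
            report[key] = "added"      # source had no recorded hash before
        elif new is None:
            report[key] = "missing"    # source dropped out of the response
        elif hmac.compare_digest(old, new):
            report[key] = "unchanged"
        else:
            report[key] = "changed"    # hash differs from the recorded one
    return report


# Constructed sample data, not real API output.
RAW_UPSTREAM = b'{"cveMetadata": {"cveId": "CVE-2024-3094"}}'
BASELINE = {"cve_list_v5": hashlib.sha256(RAW_UPSTREAM).hexdigest(),
            "github": "a" * 64}
CURRENT = {"cve_list_v5": BASELINE["cve_list_v5"],
           "github": "b" * 64,
           "osv": "c" * 64}

if __name__ == "__main__":
    print(verify_raw(RAW_UPSTREAM, CURRENT["cve_list_v5"]))
    print(diff_sources(BASELINE, CURRENT))
```

If the service normalizes or re-serializes upstream JSON before hashing, the recomputed digest will not match and only the baseline comparison applies.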
Examples
Basic Request
```bash
curl "https://api.vulnpatch.dev/api/v1/cve/CVE-2024-3094"
```
Response
```json
{
  "success": true,
  "data": {
    "primary": {
      "id": "CVE-2024-3094",
      "description": "Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0...",
      "severity": "CRITICAL",
      "cvss": 10.0,
      "published": "2024-03-29T00:00:00Z",
      "modified": "2024-04-01T00:00:00Z",
      "references": [
        "https://www.openwall.com/lists/oss-security/2024/03/29/4"
      ],
      "affected": [
        {
          "vendor": "Tukaani Project",
          "product": "xz",
          "versions": ["5.6.0", "5.6.1"]
        }
      ]
    },
    "github": {
      "ghsaId": "GHSA-xxx-yyyy-zzzz",
      "severity": "CRITICAL",
      "summary": "Backdoor in xz/liblzma"
    },
    "osv": {
      "id": "GHSA-xxx-yyyy-zzzz",
      "aliases": ["CVE-2024-3094"],
      "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}]
    },
    "sources": {
      "cve_list_v5": { /* Raw MITRE data */ },
      "github": { /* Raw GitHub data */ },
      "osv": { /* Raw OSV data */ }
    },
    "epss": {
      "epss": 0.94532,
      "percentile": 0.99281
    },
    "kev": {
      "vendorProject": "Tukaani Project",
      "product": "xz",
      "vulnerabilityName": "XZ Utils Backdoor",
      "dateAdded": "2024-04-12",
      "dueDate": "2024-04-30",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use.",
      "knownRansomwareCampaignUse": "Unknown"
    }
  },
  "integrity": {
    "sources": {
      "cve_list_v5": "c5e053ab08a4389b18775890d634b90c004f8d73e826cd0372333f6a5e3a721f",
      "github": "688fe5721b123a2a715186589990b0458c45f763f4a6947a0a6b2d5ad573c8c5",
      "osv": "d8d3f9704cab7ba7a6c97ab32d370f1aa875352044b41b27549cee0aa792ab45"
    },
    "primaryHash": "c5e053ab08a4389b18775890d634b90c004f8d73e826cd0372333f6a5e3a721f",
    "fetchedAt": "2024-03-30T12:00:00.000Z"
  },
  "sourceUrl": "https://cveawg.mitre.org/api/cve/CVE-2024-3094",
  "timestamp": "2024-03-30T12:00:00.000Z"
}
```
Code Examples
```javascript
async function lookupCVE(cveId) {
  // Encode the identifier so it cannot alter the request path
  const response = await fetch(
    `https://api.vulnpatch.dev/api/v1/cve/${encodeURIComponent(cveId)}`
  );
  const result = await response.json();
  if (!result.success) {
    throw new Error(result.error);
  }
  const { data, integrity } = result;
  console.log(`CVE: ${data.primary.id}`);
  console.log(`Severity: ${data.primary.severity}`);
  console.log(`CVSS: ${data.primary.cvss}`);
  // Print the per-source integrity hashes (truncated for display)
  console.log('Integrity hashes:');
  for (const [source, hash] of Object.entries(integrity.sources)) {
    console.log(`  ${source}: ${hash.slice(0, 16)}...`);
  }
  return result;
}

// Usage
lookupCVE('CVE-2024-3094').catch(console.error);
```

```python
import requests


def lookup_cve(cve_id):
    """Fetch one CVE record and print its severity and integrity hashes."""
    response = requests.get(
        f'https://api.vulnpatch.dev/api/v1/cve/{cve_id}',
        timeout=10,
    )
    result = response.json()
    if not result.get('success'):
        raise RuntimeError(result.get('error'))
    data = result['data']
    integrity = result['integrity']
    print(f"CVE: {data['primary']['id']}")
    print(f"Severity: {data['primary'].get('severity', 'N/A')}")
    print(f"CVSS: {data['primary'].get('cvss', 'N/A')}")
    # Print the per-source integrity hashes (truncated for display)
    print('Integrity hashes:')
    for source, hash_value in integrity['sources'].items():
        print(f"  {source}: {hash_value[:16]}...")
    return result


# Usage
lookup_cve('CVE-2024-3094')
```

```bash
# Basic lookup
curl -s "https://api.vulnpatch.dev/api/v1/cve/CVE-2024-3094" | jq .

# Extract just the integrity hashes
curl -s "https://api.vulnpatch.dev/api/v1/cve/CVE-2024-3094" | jq '.integrity.sources'

# Get primary severity and CVSS
curl -s "https://api.vulnpatch.dev/api/v1/cve/CVE-2024-3094" | \
  jq '{severity: .data.primary.severity, cvss: .data.primary.cvss}'
```
Verifying Data Integrity
The integrity hashes allow you to verify that data hasn't been tampered with. Here's how to use them:
Comparing Hashes
```javascript
// Fetch the same CVE twice and compare hashes
async function verifyIntegrity(cveId) {
  const response1 = await fetch(`https://api.vulnpatch.dev/api/v1/cve/${cveId}`);
  const result1 = await response1.json();

  // Wait a moment
  await new Promise(r => setTimeout(r, 1000));

  const response2 = await fetch(`https://api.vulnpatch.dev/api/v1/cve/${cveId}`);
  const result2 = await response2.json();

  // Compare primary hashes - should be identical if data unchanged
  if (result1.integrity.primaryHash === result2.integrity.primaryHash) {
    console.log('Data integrity verified - hashes match');
  } else {
    console.log('Data may have been updated between requests');
  }
}
```
Error Responses
CVE Not Found
```json
{
  "success": false,
  "error": "CVE not found",
  "cveId": "CVE-9999-99999"
}
```
Invalid CVE ID
```json
{
  "success": false,
  "error": "Invalid CVE ID format",
  "provided": "not-a-cve"
}
```
Notes
- CVE IDs are case-insensitive (`cve-2024-3094` works)
- Data is aggregated from multiple sources in real time
- Not all sources have data for every CVE
- Integrity hashes are computed fresh on each request
- EPSS scores are served from cache when available, with live FIRST.org API fallback for uncached CVEs
- KEV data is checked against the locally cached CISA catalog (refreshed every 30 minutes)
- Use the Bulk CVE Lookup endpoint for multiple CVEs
- Use the Exploitability endpoint for bulk EPSS/KEV data