Ecosystem Severity
Get severity breakdown and fix availability statistics for a specific ecosystem.
Endpoint
GET /api/v1/ecosystem-severity/:ecosystem
Parameters
| Parameter | Type | Description |
|---|---|---|
| ecosystem | string | Ecosystem name (e.g., npm, PyPI, Go, Maven) |
Response
```json
{
  "success": true,
  "data": {
    "ecosystem": "npm",
    "severityCounts": {
      "critical": 1247,
      "high": 8934,
      "medium": 12456,
      "low": 3211,
      "unknown": 892
    },
    "withFix": 18234
  },
  "timestamp": "2024-01-15T12:00:00.000Z"
}
```
Response Fields
| Field | Type | Description |
|---|---|---|
| ecosystem | string | The requested ecosystem name |
| severityCounts | object | Breakdown of vulnerabilities by severity level |
| withFix | number | Count of advisories with a patched version available |
Severity Counts Object
| Field | Type | Description |
|---|---|---|
| critical | number | CVSS 9.0-10.0 vulnerabilities |
| high | number | CVSS 7.0-8.9 vulnerabilities |
| medium | number | CVSS 4.0-6.9 vulnerabilities |
| low | number | CVSS 0.1-3.9 vulnerabilities |
| unknown | number | Vulnerabilities without CVSS score |
Example
```bash
curl https://api.vulnpatch.dev/api/v1/ecosystem-severity/npm
```
Code Examples
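```javascript
async function getEcosystemSeverity(ecosystem) {
  // Encode the path segment so the ecosystem name cannot alter the request path.
  const response = await fetch(
    `https://api.vulnpatch.dev/api/v1/ecosystem-severity/${encodeURIComponent(ecosystem)}`
  );
  // Fail loudly on HTTP errors instead of parsing an error body as data.
  if (!response.ok) {
    throw new Error(`Request failed with HTTP ${response.status}`);
  }
  const { data } = await response.json();
  console.log(`${data.ecosystem} vulnerability breakdown:`);
  console.log(`  Critical: ${data.severityCounts.critical}`);
  console.log(`  High: ${data.severityCounts.high}`);
  console.log(`  With fix available: ${data.withFix}`);
}
```
```python
from urllib.parse import quote

import requests


def get_ecosystem_severity(ecosystem):
    # Encode the path segment and set a timeout so the call cannot hang.
    response = requests.get(
        f'https://api.vulnpatch.dev/api/v1/ecosystem-severity/{quote(ecosystem, safe="")}',
        timeout=10,
    )
    # Raise on HTTP errors instead of parsing an error body as data.
    response.raise_for_status()
    data = response.json()['data']
    print(f"{data['ecosystem']} vulnerability breakdown:")
    print(f"  Critical: {data['severityCounts']['critical']}")
    print(f"  High: {data['severityCounts']['high']}")
    print(f"  With fix available: {data['withFix']}")
```
Use Cases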
- Risk assessment: Understand severity distribution within an ecosystem
- Prioritization: Focus on ecosystems with high critical/high vulnerability counts
- Fix tracking: Monitor how many vulnerabilities have patches available
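One way to act on the prioritization and fix-tracking use cases above, as an added example that is not part of the API's own documentation or code: it validates responses in the documented shape and ranks ecosystems by critical+high count. The PyPI payload and the function names are constructed, and comparing withFix against the sum of severityCounts is an assumption.

```python
SEVERITIES = ("critical", "high", "medium", "low", "unknown")

# Constructed sample payloads in the documented response shape; the npm
# numbers are those shown in the Response section, the PyPI ones are made up.
SAMPLE_RESPONSES = [
    {"success": True, "data": {"ecosystem": "npm", "severityCounts": {
        "critical": 1247, "high": 8934, "medium": 12456, "low": 3211,
        "unknown": 892}, "withFix": 18234}},
    {"success": True, "data": {"ecosystem": "PyPI", "severityCounts": {
        "critical": 300, "high": 900, "medium": 600, "low": 150,
        "unknown": 50}, "withFix": 1500}},
]


def summarize(payload):
    """Validate one response body and derive triage metrics from it."""
    if payload.get("success") is not True or "data" not in payload:
        raise ValueError("response does not report success")
    data = payload["data"]
    counts = data["severityCounts"]
    for key in SEVERITIES:
        value = counts.get(key)
        # bool is a subclass of int, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            raise ValueError(f"bad count for {key!r}: {value!r}")
    total = sum(counts[key] for key in SEVERITIES)
    with_fix = data["withFix"]
    if isinstance(with_fix, bool) or not isinstance(with_fix, int) or not 0 <= with_fix <= total:
        raise ValueError(f"withFix {with_fix!r} inconsistent with total {total}")
    urgent = counts["critical"] + counts["high"]
    return {
        "ecosystem": data["ecosystem"],
        "total": total,
        "urgent": urgent,
        "urgent_share": round(urgent / total, 4) if total else 0.0,
        # Assumption: withFix is comparable to the sum of severityCounts.
        "fix_coverage": round(with_fix / total, 4) if total else 0.0,
        "unscored_share": round(counts["unknown"] / total, 4) if total else 0.0,
    }


def rank(payloads):
    """Order ecosystems by critical+high count, largest first."""
    return sorted((summarize(p) for p in payloads),
                  key=lambda s: s["urgent"], reverse=True)


if __name__ == "__main__":
    for row in rank(SAMPLE_RESPONSES):
        print(row)
```

A high unscored_share means many entries have no CVSS score, so the critical/high ranking understates what is unknown for that ecosystem.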
Data Source
Severity data is sourced from GitHub Security Advisories (GHSA) for the requested ecosystem. The withFix count indicates advisories that have a first_patched_version available.
Caching
This endpoint is cached for 1 hour. The X-Cache header indicates cache status.