Knowledge Graph API

The Knowledge Graph API provides relationship-based queries across CVEs, packages, and weaknesses (CWEs). Powered by Neo4j, it enables traversals to find transitive vulnerabilities, related CVEs, and packages affected by specific weakness types.

Overview

The graph models these relationships:

  • CVE → Package: Which packages are affected by a CVE
  • CVE → CWE: What type of weakness a CVE represents
  • CVE → CVE: Related vulnerabilities (shared packages/CWEs)
  • Package → Package: Dependency relationships (future)

Endpoints

Get Graph Statistics

Returns node and relationship counts.

GET /api/v1/graph/stats

Response

```json
{
  "success": true,
  "data": {
    "nodes": {
      "CVE": 1250,
      "Package": 890,
      "CWE": 145
    },
    "relationships": {
      "AFFECTS": 2100,
      "HAS_WEAKNESS": 980,
      "RELATED_TO": 450
    }
  }
}
```

Get Affected Packages

Returns packages affected by a specific CVE with version ranges.

GET /api/v1/graph/cve/:id/affected

Parameters

| Parameter | Type | Description |
|---|---|---|
| id | string | CVE ID (e.g., CVE-2024-1234) |

Response

```json
{
  "success": true,
  "data": {
    "cve_id": "CVE-2024-1234",
    "affected_packages": [
      {
        "name": "lodash",
        "ecosystem": "npm",
        "affected_versions": "<4.17.21",
        "fixed_version": "4.17.21"
      },
      {
        "name": "python-lodash",
        "ecosystem": "PyPI",
        "affected_versions": "<4.17.0",
        "fixed_version": "4.17.0"
      }
    ]
  }
}
```

Get Related CVEs

Returns CVEs related to the given CVE through shared packages or shared CWEs.

GET /api/v1/graph/cve/:id/related

Parameters

| Parameter | Type | Description |
|---|---|---|
| id | string | CVE ID (e.g., CVE-2024-1234) |

Response

```json
{
  "success": true,
  "data": {
    "cve_id": "CVE-2024-1234",
    "related": [
      {
        "cve_id": "CVE-2024-5678",
        "relationship": "SHARED_PACKAGE",
        "shared": "lodash",
        "severity": "HIGH"
      },
      {
        "cve_id": "CVE-2023-9999",
        "relationship": "SHARED_CWE",
        "shared": "CWE-79",
        "severity": "MEDIUM"
      }
    ]
  }
}
```

Get CVEs for Package

Returns all CVEs affecting a specific package.

GET /api/v1/graph/package/:name/vulns

Parameters

| Parameter | Type | Description |
|---|---|---|
| name | string | Package name (e.g., lodash) |

Query Parameters

| Parameter | Type | Description |
|---|---|---|
| ecosystem | string | Filter by ecosystem (e.g., npm, PyPI) |

Response

```json
{
  "success": true,
  "data": {
    "package": "lodash",
    "ecosystem": "npm",
    "vulnerabilities": [
      {
        "cve_id": "CVE-2024-1234",
        "severity": "HIGH",
        "published": "2024-03-15",
        "affected_versions": "<4.17.21",
        "fixed_version": "4.17.21"
      }
    ]
  }
}
```
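The `affected_versions` field is what a consumer has to evaluate against the version actually installed. The following is an added example (not part of the API or any client library it ships) that does that for the response shape above; the page only shows the `<4.17.21` form, so the comma-separated constraints (`>=4.0.0, <4.17.0`) and the `SAMPLE_RESPONSE` values are assumptions for illustration.

```python
import re
from typing import List, Tuple

# Added example: evaluates `affected_versions` strings from
# GET /api/v1/graph/package/:name/vulns against an installed version.
# Constraint grammar assumed here: comma-separated "<op>version" terms.
_OPERATORS = ("<=", ">=", "==", "<", ">")  # two-character operators must come first

def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version into a comparable tuple; pre-release tags are dropped."""
    core = re.match(r"[0-9]+(?:\.[0-9]+)*", version.strip())
    if core is None:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in core.group(0).split(".")]
    while len(parts) < 3:  # normalise 4.17 -> 4.17.0 so it compares equal
        parts.append(0)
    return tuple(parts)

def _matches(installed: Tuple[int, ...], constraint: str) -> bool:
    constraint = constraint.strip()
    for op in _OPERATORS:
        if constraint.startswith(op):
            bound = parse_version(constraint[len(op):])
            if op == "<":  return installed < bound
            if op == "<=": return installed <= bound
            if op == ">":  return installed > bound
            if op == ">=": return installed >= bound
            return installed == bound
    return installed == parse_version(constraint)  # bare version: exact match

def is_affected(installed_version: str, affected_versions: str) -> bool:
    """True when every comma-separated constraint holds for the installed version."""
    installed = parse_version(installed_version)
    return all(_matches(installed, c) for c in affected_versions.split(","))

def applicable_cves(response: dict, installed_version: str) -> List[str]:
    """CVE IDs from a /vulns response whose affected range covers installed_version."""
    return [v["cve_id"] for v in response["data"]["vulnerabilities"]
            if is_affected(installed_version, v["affected_versions"])]

# Constructed sample response in the documented shape (IDs are the page's examples).
SAMPLE_RESPONSE = {
    "success": True,
    "data": {"package": "lodash", "ecosystem": "npm", "vulnerabilities": [
        {"cve_id": "CVE-2024-1234", "severity": "HIGH", "published": "2024-03-15",
         "affected_versions": "<4.17.21", "fixed_version": "4.17.21"},
        {"cve_id": "CVE-2023-9999", "severity": "MEDIUM", "published": "2023-01-10",
         "affected_versions": ">=4.0.0, <4.17.0", "fixed_version": "4.17.0"},
    ]},
}
```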

Get Transitive Vulnerabilities

Returns vulnerabilities in the dependencies of a package (requires the dependency graph, i.e. DEPENDS_ON relationships, to be populated).

GET /api/v1/graph/package/:name/transitive

Parameters

| Parameter | Type | Description |
|---|---|---|
| name | string | Package name |

Query Parameters

| Parameter | Type | Description |
|---|---|---|
| depth | number | Maximum traversal depth (default: 3, max: 5) |

Response

```json
{
  "success": true,
  "data": {
    "package": "my-app",
    "transitive_vulns": [
      {
        "cve_id": "CVE-2024-1234",
        "path": ["my-app", "express", "lodash"],
        "depth": 2,
        "severity": "HIGH"
      }
    ]
  }
}
```
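To make the `depth` and `path` semantics concrete, here is an added example (not the service's own implementation) that performs the same traversal over a constructed in-memory dependency graph instead of Neo4j: `depth` counts DEPENDS_ON edges from the root, so `["my-app", "express", "lodash"]` is depth 2, and the default/ceiling of the `depth` parameter are enforced before traversal. The dependency edges and the CVE-to-package mapping are constructed sample data.

```python
from collections import deque
from typing import Dict, List

# Added example: the traversal behind GET /api/v1/graph/package/:name/transitive,
# run over constructed sample data rather than the Neo4j graph.
DEFAULT_DEPTH, MAX_DEPTH = 3, 5  # documented default and ceiling of the depth parameter

# Constructed sample: Package -[DEPENDS_ON]-> Package edges ...
DEPENDS_ON: Dict[str, List[str]] = {
    "my-app": ["express", "react"],
    "express": ["lodash", "qs"],
    "react": ["loose-envify"],
    "qs": ["side-channel"],
    "side-channel": ["lodash"],  # second route to lodash (a diamond)
}
# ... and CVE -[AFFECTS]-> Package edges, using the page's example CVE IDs.
AFFECTS: Dict[str, List[tuple]] = {
    "lodash": [("CVE-2024-1234", "HIGH")],
    "qs": [("CVE-2024-5678", "MEDIUM")],
}

def clamp_depth(requested) -> int:
    """Apply the documented default (3) and ceiling (5); reject values below 1."""
    if requested is None:
        return DEFAULT_DEPTH
    depth = int(requested)
    if depth < 1:
        raise ValueError("depth must be at least 1")
    return min(depth, MAX_DEPTH)

def transitive_vulns(root: str, depth=None) -> List[dict]:
    """Breadth-first walk over DEPENDS_ON; each vulnerable package is reported once, via its shortest path."""
    limit = clamp_depth(depth)
    seen = {root}
    queue = deque([[root]])
    findings: List[dict] = []
    while queue:
        path = queue.popleft()
        if len(path) - 1 >= limit:  # do not expand beyond the depth ceiling
            continue
        for dep in DEPENDS_ON.get(path[-1], []):
            if dep in seen:  # BFS guarantees the first visit is the shortest path
                continue
            seen.add(dep)
            new_path = path + [dep]
            for cve_id, severity in AFFECTS.get(dep, []):
                findings.append({"cve_id": cve_id, "path": new_path,
                                 "depth": len(new_path) - 1, "severity": severity})
            queue.append(new_path)
    return findings
```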

Get CVEs by CWE

Returns all CVEs classified under a specific weakness type.

GET /api/v1/graph/cwe/:id/cves

Parameters

| Parameter | Type | Description |
|---|---|---|
| id | string | CWE ID (e.g., CWE-79 or just 79) |

Response

```json
{
  "success": true,
  "data": {
    "cwe_id": "CWE-79",
    "cwe_name": "Cross-site Scripting (XSS)",
    "cves": [
      {
        "cve_id": "CVE-2024-1234",
        "severity": "MEDIUM",
        "published": "2024-03-15"
      }
    ],
    "count": 1
  }
}
```

Graph Schema

Nodes

| Label | Properties | Description |
|---|---|---|
| CVE | id, severity, published, modified, description | Vulnerability record |
| Package | name, ecosystem | Affected software package |
| CWE | id, name, description | Weakness classification |

Relationships

| Type | From | To | Properties |
|---|---|---|---|
| AFFECTS | CVE | Package | versions, fixed_version |
| HAS_WEAKNESS | CVE | CWE | - |
| RELATED_TO | CVE | CVE | reason (shared_package, shared_cwe) |
| DEPENDS_ON | Package | Package | version_constraint |

Indexes & Constraints

  • Unique constraints on CVE.id, Package.name, CWE.id
  • Indexes on CVE.severity, CVE.published, Package.ecosystem

Data Sync

The graph is populated from CVE data during the cron sync (every 30 minutes):

  1. New/updated CVEs are synced with their affected packages
  2. CWE relationships are created from CVE problem types
  3. Related CVE edges are computed based on shared packages/CWEs
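Step 3 is a derived computation over edges that already exist. The following is an added example (not the sync job's code) showing how RELATED_TO edges with the schema's `reason` property can be derived from AFFECTS and HAS_WEAKNESS edges, and how those edges project into the entries returned by `/api/v1/graph/cve/:id/related`. The edge data is a constructed sample using the page's example identifiers; CWE-89 is added as a second weakness type.

```python
from collections import defaultdict
from itertools import combinations
from typing import Dict, List, Set, Tuple

# Added example: derive RELATED_TO edges (step 3 of the sync) from existing edges.
# Constructed sample edges; packages are keyed as "ecosystem:name" so that
# npm:lodash and PyPI:python-lodash are not confused.
AFFECTS: Dict[str, Set[str]] = {        # CVE -> affected packages
    "CVE-2024-1234": {"npm:lodash", "PyPI:python-lodash"},
    "CVE-2024-5678": {"npm:lodash"},
    "CVE-2023-9999": {"npm:express"},
}
HAS_WEAKNESS: Dict[str, Set[str]] = {   # CVE -> CWEs
    "CVE-2024-1234": {"CWE-79"},
    "CVE-2024-5678": {"CWE-89"},
    "CVE-2023-9999": {"CWE-79"},
}

Edge = Tuple[str, str, str, str]  # (cve_a, cve_b, reason, shared)

def compute_related(affects: Dict[str, Set[str]],
                    has_weakness: Dict[str, Set[str]]) -> List[Edge]:
    """One undirected RELATED_TO edge per CVE pair and shared package or CWE."""
    by_package, by_cwe = defaultdict(set), defaultdict(set)
    for cve, pkgs in affects.items():
        for p in pkgs:
            by_package[p].add(cve)
    for cve, cwes in has_weakness.items():
        for c in cwes:
            by_cwe[c].add(cve)
    edges: Set[Edge] = set()  # a set keeps re-running the sync idempotent
    for index, reason in ((by_package, "shared_package"), (by_cwe, "shared_cwe")):
        for shared, cves in index.items():
            for a, b in combinations(sorted(cves), 2):  # sorted pair: stored once, not twice
                edges.add((a, b, reason, shared))
    return sorted(edges)

def related_for(cve_id: str, edges: List[Edge]) -> List[dict]:
    """Project the edges touching cve_id into the /related endpoint's entry shape (severity omitted)."""
    entries = []
    for a, b, reason, shared in edges:
        if cve_id in (a, b):
            entries.append({"cve_id": b if a == cve_id else a,
                            "relationship": reason.upper(), "shared": shared})
    return entries
```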

Use Cases

Security Audit

Find all vulnerabilities affecting your dependencies:

```bash
curl "https://api.vulnpatch.dev/api/v1/graph/package/express/vulns?ecosystem=npm"
```

Impact Analysis

See which packages are affected when a new CVE is published:

```bash
curl "https://api.vulnpatch.dev/api/v1/graph/cve/CVE-2024-1234/affected"
```

Weakness Pattern Analysis

Find all XSS vulnerabilities:

```bash
curl "https://api.vulnpatch.dev/api/v1/graph/cwe/79/cves"
```

Dependency Risk Assessment

Check transitive vulnerabilities in your dependency tree:

```bash
curl "https://api.vulnpatch.dev/api/v1/graph/package/my-app/transitive?depth=3"
```