Search CVEs
Full-text search across all vulnerability sources including MITRE CVE List V5, NVD, GitHub Advisories, OSV, and Nixpkgs Tracker.
Endpoint
GET /api/v1/search?q={query}Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
q | string | Yes | Search query (min 2 characters) |
sources | string | No | Comma-separated list of sources to search |
sort | string | No | Sort order: date (default, newest first) or severity |
ecosystem | string | No | Filter by ecosystem (e.g., npm, PyPI) |
Available Sources
| Source Key | Description |
|---|---|
nixpkgs-tracker | Nixpkgs Security Tracker issues |
github-advisories | GitHub Security Advisories |
osv | OSV.dev vulnerabilities |
cve-list-v5 | MITRE CVE List V5 (official source) |
nvd | NVD (NIST enriched data) |
Response
json
{
"success": true,
"data": {
"query": "curl",
"ecosystem": "all",
"sources": ["nixpkgs-tracker", "github-advisories", "osv", "cve-list-v5", "nvd"],
"sort": "date",
"count": 12,
"total": 12,
"results": [
{
"type": "cve",
"id": "CVE-2024-45490",
"cve_id": "CVE-2024-45490",
"summary": "Buffer overflow in curl libcurl...",
"severity": "high",
"published_at": "2024-09-15T12:00:00Z",
"source": "cve-list-v5"
},
{
"type": "github-advisory",
"id": "GHSA-xxxx-yyyy-zzzz",
"cve_id": "CVE-2024-45490",
"summary": "curl vulnerability",
"severity": "high",
"source": "github-advisories"
}
]
},
"timestamp": "2026-02-05T12:00:00.000Z"
}Example
bash
# Search for curl vulnerabilities across all sources
curl "https://api.vulnpatch.dev/api/v1/search?q=curl"
# Search only MITRE and NVD
curl "https://api.vulnpatch.dev/api/v1/search?q=openssl&sources=cve-list-v5,nvd"
# Search by CVE ID
curl "https://api.vulnpatch.dev/api/v1/search?q=CVE-2024-45490"Code Examples
javascript
async function searchVulns(query, sources = null) {
let url = `https://api.vulnpatch.dev/api/v1/search?q=${encodeURIComponent(query)}`;
if (sources) {
url += `&sources=${encodeURIComponent(sources)}`;
}
const response = await fetch(url);
const { data } = await response.json();
console.log(`Found ${data.total} results for "${data.query}"`);
data.results.forEach(result => {
console.log(`[${result.source}] ${result.id}: ${result.summary || result.title}`);
});
return data.results;
}
// Search all sources
searchVulns('curl');
// Search specific sources
searchVulns('openssl', 'cve-list-v5,nvd');python
import requests
from urllib.parse import urlencode
def search_vulns(query, sources=None):
params = {'q': query}
if sources:
params['sources'] = sources
url = f"https://api.vulnpatch.dev/api/v1/search?{urlencode(params)}"
response = requests.get(url)
data = response.json()['data']
print(f"Found {data['total']} results for '{data['query']}'")
for result in data['results']:
print(f"[{result['source']}] {result['id']}: {result.get('summary') or result.get('title')}")
return data['results']
# Search all sources
search_vulns('curl')
# Search specific sources
search_vulns('openssl', 'cve-list-v5,nvd')Use Cases
- CVE lookup: Search by CVE ID to find details across sources
- Package security: Search by package name to find known vulnerabilities
- Research: Explore vulnerabilities by keyword or technology
- Dashboards: Build unified search interfaces across data sources
Caching
Results are cached for 5 minutes per unique query/sources combination.