API for CVE data 

This API returns detailed information on specific security issues, specified by CVE number.

What’s a CVE number?

Whenever a security vulnerability is found in a piece of software or hardware, it gets a unique number, like “CVE-2019-9956”.
Having a single ID for that issue then gives the entire security industry a common way of talking about it. We can then use it to describe findings in security scans and pentests, or describe fixes in new software releases.

API documentation

Usage:

GET https://v1.cveapi.com/<CVE-xxxx-xxxx>.json

Example:

curl https://v1.cveapi.com/CVE-2019-9956.json
 {
  "cve": {
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
      "ID": "CVE-2019-9956",
      "ASSIGNER": "cve@mitre.org"
    },
    "affects": {
      "vendor": {
        "vendor_data": [
          {
            "vendor_name": "imagemagick",
            "product": {
              "product_data": [
                {
                  "product_name": "imagemagick",
                  "version": {
                    "version_data": [
                      {
                        "version_value": "7.0.8-35",
                        "version_affected": "="
                      }
                    ]
                  }
                }
              ]
            }
          }
        ]
      }
    },
    "problemtype": {
      "problemtype_data": [
        {
          "description": [
            {
              "lang": "en",
              "value": "CWE-119"
            }
          ]
        }
      ]
    },
    "references": {
      "reference_data": [
        {
          "url": "http://www.securityfocus.com/bid/107546",
          "name": "107546",
          "refsource": "BID",
          "tags": [
            "Third Party Advisory",
            "VDB Entry"
          ]
        },
        {
          "url": "http://www.securityfocus.com/bid/107672",
          "name": "107672",
          "refsource": "BID",
          "tags": []
        },
        {
          "url": "https://github.com/ImageMagick/ImageMagick/issues/1523",
          "name": "https://github.com/ImageMagick/ImageMagick/issues/1523",
          "refsource": "MISC",
          "tags": [
            "Exploit",
            "Third Party Advisory"
          ]
        }
      ]
    },
    "description": {
      "description_data": [
        {
          "lang": "en",
          "value": "In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file."
        }
      ]
    }
  },
  "configurations": {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe23Uri": "cpe:2.3:a:imagemagick:imagemagick:7.0.8-35:q16:*:*:*:*:*:*"
          }
        ]
      }
    ]
  },
  "impact": {
    "baseMetricV3": {
      "cvssV3": {
        "version": "3.0",
        "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "attackVector": "NETWORK",
        "attackComplexity": "LOW",
        "privilegesRequired": "NONE",
        "userInteraction": "REQUIRED",
        "scope": "UNCHANGED",
        "confidentialityImpact": "HIGH",
        "integrityImpact": "HIGH",
        "availabilityImpact": "HIGH",
        "baseScore": 8.8,
        "baseSeverity": "HIGH"
      },
      "exploitabilityScore": 2.8,
      "impactScore": 5.9
    },
    "baseMetricV2": {
      "cvssV2": {
        "version": "2.0",
        "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
        "accessVector": "NETWORK",
        "accessComplexity": "MEDIUM",
        "authentication": "NONE",
        "confidentialityImpact": "PARTIAL",
        "integrityImpact": "PARTIAL",
        "availabilityImpact": "PARTIAL",
        "baseScore": 6.8
      },
      "severity": "MEDIUM",
      "exploitabilityScore": 8.6,
      "impactScore": 6.4,
      "acInsufInfo": false,
      "obtainAllPrivilege": false,
      "obtainUserPrivilege": false,
      "obtainOtherPrivilege": false,
      "userInteractionRequired": true
    }
  },
  "publishedDate": "2019-03-24T00:29Z",
  "lastModifiedDate": "2019-04-02T15:29Z"
}

You can also view the result in your browser here.

Authentication:

No authentication is required.
I do advise to leave your e-mail address below in case that has to change in the future.

Staying informed of changes:

If I have to make changes to the API, I’ll let you know by e-mail.


Where does the data come from?

All CVE information is provided by the awesome NIST National Vulnerability Database.
They publish data feeds on CVE’s that are grouped by year. I just split them up per CVE and put them here.

What if this doesn’t solve my problem?

Let me know, please! I can’t think of all the use cases for this data on my own, so please share whatever I can do that makes this more useful to you.

Is there a Premium tier?

Not yet. I'd love to provide one though, and make this API into a fully supported service.
So if you want priority support, an LTS version, guided migration between versions, SLA’s, or anything else, please contact me and tell me all about it.