This API returns detailed information on specific security issues, specified by CVE number.
1 How to use this API
1.1 Request
1.2 Response
1.3 Authentication
2 Staying informed of changes
3 FAQ
3.1 What’s a CVE number?
3.2 Where does the data come from?
3.3 What if this doesn’t solve my problem?
3.4 Is there a Premium tier?
3.5 Who built this and how can I reach out?
This service relied on data feeds that the NVD provided. Since December 15th 2023, however, those feeds have been retired in favor of an API made by the NVD themselves.
I created this API because the NVD did not provide one. Now that that has changed, I think this one is no longer needed. Until further notice you will still be able to query all CVEs prior to December 15th, but no new ones will be added.
If you have any questions or remarks, feel free to reach out. See my contact info at the bottom of this page.
Response
{
  "cve": {
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
      "ID": "CVE-2019-9956",
      "ASSIGNER": "cve@mitre.org"
    },
    "affects": {
      "vendor": {
        "vendor_data": [
          {
            "vendor_name": "imagemagick",
            "product": {
              "product_data": [
                {
                  "product_name": "imagemagick",
                  "version": {
                    "version_data": [
                      {
                        "version_value": "7.0.8-35",
                        "version_affected": "="
                      }
                    ]
                  }
                }
              ]
            }
          },
          {
            "vendor_name": "debian",
            "product": {
              "product_data": [
                {
                  "product_name": "debian_linux",
                  "version": {
                    "version_data": [
                      {
                        "version_value": "9.0",
                        "version_affected": "="
                      }
                    ]
                  }
                }
              ]
            }
          }
        ]
      }
    },
    "problemtype": {
      "problemtype_data": [
        {
          "description": [
            {
              "lang": "en",
              "value": "CWE-119"
            }
          ]
        }
      ]
    },
    "references": {
      "reference_data": [
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html",
          "name": "openSUSE-SU-2019:1320",
          "refsource": "SUSE",
          "tags": []
        },
        {
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html",
          "name": "openSUSE-SU-2019:1331",
          "refsource": "SUSE",
          "tags": []
        },
        ...
        }
      ]
    },
    "description": {
      "description_data": [
        {
          "lang": "en",
          "value": "In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file."
        }
      ]
    }
  },
  "configurations": {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe23Uri": "cpe:2.3:a:imagemagick:imagemagick:7.0.8-35:q16:*:*:*:*:*:*"
          }
        ]
      },
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
          }
        ]
      }
    ]
  },
  "impact": {
    "baseMetricV3": {
      "cvssV3": {
        "version": "3.0",
        "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "attackVector": "NETWORK",
        "attackComplexity": "LOW",
        "privilegesRequired": "NONE",
        "userInteraction": "REQUIRED",
        "scope": "UNCHANGED",
        "confidentialityImpact": "HIGH",
        "integrityImpact": "HIGH",
        "availabilityImpact": "HIGH",
        "baseScore": 8.8,
        "baseSeverity": "HIGH"
      },
      "exploitabilityScore": 2.8,
      "impactScore": 5.9
    },
    "baseMetricV2": {
      "cvssV2": {
        "version": "2.0",
        "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
        "accessVector": "NETWORK",
        "accessComplexity": "MEDIUM",
        "authentication": "NONE",
        "confidentialityImpact": "PARTIAL",
        "integrityImpact": "PARTIAL",
        "availabilityImpact": "PARTIAL",
        "baseScore": 6.8
      },
      "severity": "MEDIUM",
      "exploitabilityScore": 8.6,
      "impactScore": 6.4,
      "acInsufInfo": false,
      "obtainAllPrivilege": false,
      "obtainUserPrivilege": false,
      "obtainOtherPrivilege": false,
      "userInteractionRequired": true
    }
  },
  "publishedDate": "2019-03-24T00:29Z",
  "lastModifiedDate": "2019-05-14T13:29Z"
}
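An added example, not part of the original page or the API's own code: one way to reduce a response of this shape to the fields a triage or asset-matching job usually needs, preferring CVSS v3 and falling back to v2. The function names are hypothetical, the embedded record is the sample above trimmed to the fields used, and the `children` key goes beyond the sample: it is how the NVD feed format nests configuration nodes.

```python
import json

# Constructed sample: the page's CVE-2019-9956 response trimmed to the fields used below.
SAMPLE = json.loads("""
{
  "cve": {"CVE_data_meta": {"ID": "CVE-2019-9956"},
    "problemtype": {"problemtype_data": [
      {"description": [{"lang": "en", "value": "CWE-119"}]}]}},
  "configurations": {"nodes": [
    {"operator": "OR", "cpe_match": [{"vulnerable": true,
      "cpe23Uri": "cpe:2.3:a:imagemagick:imagemagick:7.0.8-35:q16:*:*:*:*:*:*"}]},
    {"operator": "OR", "cpe_match": [{"vulnerable": true,
      "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"}]}
  ]},
  "impact": {
    "baseMetricV3": {"cvssV3": {"baseScore": 8.8, "baseSeverity": "HIGH",
      "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}},
    "baseMetricV2": {"cvssV2": {"baseScore": 6.8,
      "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "severity": "MEDIUM"}
  }
}
""")


def vulnerable_cpes(nodes):
    """Collect CPE URIs flagged vulnerable, descending into nested child nodes."""
    found = []
    for node in nodes:
        found += [m["cpe23Uri"] for m in node.get("cpe_match", []) if m.get("vulnerable")]
        found += vulnerable_cpes(node.get("children", []))  # assumption: NVD nesting key
    return found


def summarize(record):
    """Reduce one response to the fields a triage or inventory job needs."""
    impact = record.get("impact", {})
    if "baseMetricV3" in impact:  # prefer CVSS v3 when the record carries it
        cvss = impact["baseMetricV3"]["cvssV3"]
        score, severity = cvss["baseScore"], cvss["baseSeverity"]
    elif "baseMetricV2" in impact:  # in v2 the severity label sits beside cvssV2
        cvss = impact["baseMetricV2"]["cvssV2"]
        score, severity = cvss["baseScore"], impact["baseMetricV2"]["severity"]
    else:  # no CVSS metrics in the record: report unscored instead of failing
        cvss, score, severity = {}, None, None
    cwes = [d["value"] for p in record["cve"]["problemtype"]["problemtype_data"]
            for d in p["description"]]
    return {"id": record["cve"]["CVE_data_meta"]["ID"], "cwes": cwes,
            "score": score, "severity": severity, "vector": cvss.get("vectorString"),
            "cpes": vulnerable_cpes(record.get("configurations", {}).get("nodes", []))}
```

The sample printed above cannot be fed to a JSON parser as-is, because its reference list is elided with `...`; a real response is complete.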
Authentication
No authentication is required. But let me know below how I can contact you, should that ever change. See next paragraph.
Staying informed of changes
If you depend on this API in any important way, please send me a quick email at cveapi@dietervds.be. Should anything change with the API format or authentication I will let you know. Cheers!
FAQ
What’s a CVE number?
Whenever a security vulnerability is found in a piece of software or hardware, it gets a unique number, like “CVE-2019-9956”. Having a single ID for that issue then gives the entire security industry a common way of talking about it. We can then use it to describe findings in security scans and pentests, or describe fixes in new software releases.
Where does the data come from?
All CVE information is provided by the awesome NIST National Vulnerability Database. They publish data feeds on CVEs that are grouped by year. I just split them up per CVE and put them here.
What if this doesn’t solve my problem?
Let me know, please! I can’t think of all the use cases for this data on my own, so please share whatever I can do that makes this more useful to you.
Is there a Premium tier?
Not yet. I'd love to provide one though, and make this API into a fully supported service. So if you want priority support, an LTS version, custom responses and/or something else, please contact me and tell me all about it.
Who built this and how can I reach out?
This API is built and maintained by Dieter Van der Stock.
If you want to get in touch with me, feel free to e-mail me at cveapi@dietervds.be.