(#) cveapi: API for CVE data This API returns detailed information on specific security issues, specified by CVE number. # How to use this API ## Request !!! GET https://v1.cveapi.com/CVE-2019-9956.json ## Response ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ json { "cve": { "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-9956", "ASSIGNER": "cve@mitre.org" }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "imagemagick", "product": { "product_data": [ { "product_name": "imagemagick", "version": { "version_data": [ { "version_value": "7.0.8-35", "version_affected": "=" } ] } } ] } }, { "vendor_name": "debian", "product": { "product_data": [ { "product_name": "debian_linux", "version": { "version_data": [ { "version_value": "9.0", "version_affected": "=" } ] } } ] } } ] } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html", "name": "openSUSE-SU-2019:1320", "refsource": "SUSE", "tags": [] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html", "name": "openSUSE-SU-2019:1331", "refsource": "SUSE", "tags": [] }, ... } ] }, "description": { "description_data": [ { "lang": "en", "value": "In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file." 
} ] } }, "configurations": { "CVE_data_version": "4.0", "nodes": [ { "operator": "OR", "cpe_match": [ { "vulnerable": true, "cpe23Uri": "cpe:2.3:a:imagemagick:imagemagick:7.0.8-35:q16:*:*:*:*:*:*" } ] }, { "operator": "OR", "cpe_match": [ { "vulnerable": true, "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" } ] } ] }, "impact": { "baseMetricV3": { "cvssV3": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 }, "baseMetricV2": { "cvssV2": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8 }, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } }, "publishedDate": "2019-03-24T00:29Z", "lastModifiedDate": "2019-05-14T13:29Z" } ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ## Authentication No authentication is required. If you want to be told should that ever change, let me know how I can contact you; see the next section. # Staying informed of changes If you depend on this API in any important way, please send me a quick email at cveapi@dietervds.be. Should anything change with the API format or authentication, I will let you know. Cheers! # FAQ ## What’s a CVE number? Whenever a security vulnerability is found in a piece of software or hardware, it gets a unique number, like “[CVE-2019-9956](https://nvd.nist.gov/vuln/detail/CVE-2019-9956)”. 
Having a single ID for that issue then gives the entire security industry a common way of talking about it. We can then use it to describe findings in security scans and pentests, or describe fixes in new software releases. ## Where does the data come from? All CVE information is provided by the awesome [NIST National Vulnerability Database](https://nvd.nist.gov/). They publish [data feeds](https://nvd.nist.gov/vuln/data-feeds) of CVEs, grouped by year. I just split them up per CVE and put them here. Each response includes a `lastModifiedDate` field, so you can check how current a record is against NVD. ## What if this doesn’t solve my problem? Let me know, please! I can’t think of all the use cases for this data on my own, so please tell me what I can do to make this more useful to you. ## Is there a Premium tier? Not yet. I'd love to provide one though, and make this API into a fully supported service. So if you want priority support, an LTS version, custom responses and/or something else, please contact me and tell me all about it. ## Who built this and how can I reach out? This API is built and maintained by [Dieter Van der Stock](https://twitter.com/dietervds).
If you want to get in touch with me, feel free to e-mail me at cveapi@dietervds.be.