cve-search - Common Vulnerabilities and Exposure Web Interface and API
cve-search is accessible via a web interface and an HTTP API. cve-search is an interface to search publicly known information from security vulnerabilities in software and hardware along with their corresponding exposures.
cve-search includes the following data-feeds:
- NIST National Vulnerability Database
- Common Platform Enumeration (CPE)
- Common Weakness Enumeration (CWE)
- CIRCL incident statistics and threat ranking
cve-search is a public service operated by CIRCL.
Public Web API of cve-search
The HTTP API outputs JSON. The API is fully documented at the following location https://cve.circl.lu/api/.
Browse vendor and product
To get a JSON with all the vendors:
To get a JSON with all the products associated to a vendor:
Browse CVEs per vendor/product
To get a JSON with all the vulnerabilities per vendor and a specific product:
Get CVE per CVE-ID
To get a JSON of a specific CVE ID:
Get the last updated CVEs
To get a JSON of the last 30 CVEs including CAPEC, CWE and CPE expansions:
Get more information about the current CVE database
To get more information about the current databases in use and when it was updated:
Do you log search queries?
Yes, we do log the search queries to debug our software and acquire statistics about software vulnerabilities trending.
Where is the source code of the cve-search software?
Is there a full-dump of the cve-search database?
You can request an access to the full-dump via the CIRCL data feeds CVE service.
What are the software using cve.circl.lu API?
- Scan systems with NMap and parse the output to a list of CVE’s, CWE’s and DPE’s by NorthernSec
- A python wrapper around https://cve.circl.lu by Martin Simon
- A python script by Matt Erasmus