cve-search Common Vulnerabilities and Exposures (CVE)

cve-search - Common Vulnerabilities and Exposure Web Interface and API


cve-search is accessible via a web interface and an HTTP API. cve-search is an interface to search publicly known information from security vulnerabilities in software and hardware along with their corresponding exposures.

cve-search includes the following data-feeds:

cve-search is a public service operated by CIRCL.

The HTTP API outputs JSON. The API is fully documented at the following location No authentication is required for the exposed functions, don’t get confused by the generic statement at the page saying:

Some API calls require authentication. These are colored yellow in the API Query list. Authentication is done in one of two ways:

For the colour blind: there are no yellow API calls ;)

Browse vendor and product

To get a JSON with all the vendors:


To get a JSON with all the products associated to a vendor:


Browse CVEs per vendor/product

To get a JSON with all the vulnerabilities per vendor and a specific product:


Get CVE per CVE-ID

To get a JSON of a specific CVE ID:


Get the last updated CVEs

To get a JSON of the last 30 CVEs including CAPEC, CWE and CPE expansions:


Get more information about the current CVE database

To get more information about the current databases in use and when it was updated:


Do you log search queries?

Yes, we do log the search queries to debug our software and acquire statistics about software vulnerabilities trending.

Where is the source code of the cve-search software?

cve-search source code is available on GitHub. The main authors of cve-search are Alexandre Dulaunoy and Pieter-Jan Moreels with the support of the community including CIRCL.

Is there a full-dump of the cve-search database?

You can access the full-dump from the CVE search dataset.

What are the software using API?