{ "openapi": "3.1.0", "info": { "title": "VDB Manager API", "version": "1.0.0", "description": "# Vulnerability Database Manager API\n\nUnified access to CVE metadata and vulnerability data from multiple authoritative sources including MITRE, NIST NVD, VulnCheck, CISA KEV, GitHub Security Advisories, OSV, and EUVD.\n\n## Authentication\n\nAll endpoints require authentication. You will be provisioned with two credentials:\n\n- **Organization UUID** \u2014 your unique identifier (e.g., `123e4567-e89b-12d3-a456-426614174000`)\n- **Organization Secret** \u2014 a 64-character secret key\n\n### API Key Authentication (Recommended)\n\nThe simplest way to authenticate is to derive a static API key from your credentials and send it on every request:\n\n```\nAuthorization: ApiKey :\n```\n\nwhere `sha256-hex = hex(HMAC-SHA256(key=secret, data=orgId))`.\n\n**Complete example (Bash):**\n```bash\n#!/bin/bash\nexport VDB_ORG=\"123e4567-e89b-12d3-a456-426614174000\"\nexport VDB_SECRET=\"your-64-char-secret-key-here\"\n\n# Derive the API key (one-time; the value is constant for a given secret)\nAPI_KEY=$(echo -n \"${VDB_ORG}\" | openssl dgst -sha256 -hmac \"${VDB_SECRET}\" -hex | awk '{print $2}')\n\n# Use it\ncurl -H \"Authorization: ApiKey ${VDB_ORG}:${API_KEY}\" \\\n https://api.vdb.vulnetix.com/v1/info/CVE-2024-1234 | jq\n```\n\n**Security properties:**\n- Secret is never transmitted \u2014 only the derived HMAC digest is sent\n- Server performs constant-time comparison to prevent timing attacks\n- No expiry \u2014 the key remains valid until the secret is rotated\n- Revoke instantly by deactivating your organization (`isActive = false`)\n- Rotate by updating your organization secret; the derived key changes automatically\n\n### JWT via AWS SigV4 (Advanced)\n\nFor short-lived tokens, you can exchange a signed request for a JWT:\n\n1. **Sign** a request to `GET /v1/auth/token` using AWS Signature Version 4 (SHA-512)\n2. **Receive** a JWT (expires in 15 minutes)\n3. **Send** subsequent requests with `Authorization: Bearer `\n\nUse an AWS SDK rather than implementing the signature from scratch:\n\n| Language | Library / Package |\n|------------|----------------------------------|\n| Python | `botocore.auth.SigV4Auth` |\n| Node.js | `@aws-sdk/signature-v4` |\n| Go | `github.com/aws/aws-sdk-go-v2` |\n| Java | `software.amazon.awssdk:auth` |\n| Ruby | `aws-sdk-core` (Signer) |\n\nFor the full signing spec (algorithm, region, service, signed headers), see the [`/v1/auth/token`](#/Authentication/get_auth_token) endpoint documentation.\n\n### Rate Limiting\n- **Per-minute limit**: Configurable per organization (default: 5 requests/minute)\n- **Weekly limit**: Configurable per organization (default: 1000 requests/week)\n- **Limit = 0**: Unlimited access for that dimension\n- **Headers**: Rate limit info included in every response\n\n### Access Logging\nAll API requests are logged for:\n- Usage analytics and reporting\n- Rate limit enforcement\n- Security auditing", "contact": { "name": "API Support", "url": "https://github.com/Vulnetix/vdb-manager" }, "license": { "name": "MIT", "url": "https://opensource.org/licenses/MIT" } }, "servers": [ { "url": "https://api.vdb.vulnetix.com/v1", "description": "Production VDB API Server" }, { "url": "http://127.0.0.1:8778/v1", "description": "Local Development" } ], "paths": { "/auth/token": { "get": { "summary": "Get JWT authentication token", "description": "Exchange VdbOrganization credentials for a JWT token using AWS Signature Version 4 (SigV4 SHA-512) request signing.\n\n**Credential Model:**\n- Your **VdbOrganization UUID** serves as the access key (e.g., `123e4567-e89b-12d3-a456-426614174000`)\n- Your **VdbOrganization Secret** (64-char string) is the secret key\n- No separate credential objects - credentials are inherent to your VdbOrganization\n\n**Signing Requirements:**\n- Algorithm: AWS4-HMAC-SHA512\n- Region: us-east-1\n- Service: vdb\n- Signed Headers: x-amz-date\n\n**Note:** Only `x-amz-date` is signed for browser compatibility. Browsers block JavaScript from setting the `host` header, so we exclude it from the signature to ensure consistent behavior across all clients.\n\nThe request must be signed using AWS SigV4 with the SHA-512 algorithm. Upon successful authentication, a JWT token is returned with a 15-minute expiration.", "tags": [ "Authentication" ], "parameters": [ { "name": "Authorization", "in": "header", "required": true, "schema": { "type": "string" }, "description": "AWS SigV4 Authorization header with SHA-512 signature. Use your VdbOrganization UUID as the access key.", "example": "AWS4-HMAC-SHA512 Credential=123e4567-e89b-12d3-a456-426614174000/20240101/us-east-1/vdb/aws4_request, SignedHeaders=x-amz-date, Signature=..." }, { "name": "X-Amz-Date", "in": "header", "required": true, "schema": { "type": "string" }, "description": "ISO8601 timestamp in format YYYYMMDDTHHMMSSZ", "example": "20240101T120000Z" } ], "responses": { "200": { "description": "Successfully authenticated and JWT token issued", "content": { "application/json": { "schema": { "type": "object", "required": [ "token", "iss", "sub", "exp" ], "properties": { "token": { "type": "string", "description": "JWT token (expires in 15 minutes)", "example": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ1cm46dnVsbmV0aXg6dmRiIiwic3ViIjoidXJuOnV1aWQ6MTIzZTQ1NjctZTg5Yi0xMmQzLWE0NTYtNDI2NjE0MTc0MDAwIiwib3JnSWQiOiIxMjNlNDU2Ny1lODliLTEyZDMtYTQ1Ni00MjY2MTQxNzQwMDAiLCJhY2Nlc3NLZXkiOiJ2dWxuZXRpeF9hY2Nlc3NrZXkxMjMiLCJpYXQiOjE3MDQxMDk1MDAsImV4cCI6MTcwNDExMDQwMH0.signature" }, "iss": { "type": "string", "description": "Token issuer (always \"urn:vulnetix:vdb\")", "example": "urn:vulnetix:vdb" }, "sub": { "type": "string", "description": "Token subject - your VdbOrganization UUID in URN format (this is the same UUID used as your access key)", "example": "urn:uuid:123e4567-e89b-12d3-a456-426614174000" }, "exp": { "type": "integer", "description": "Token expiration time (Unix timestamp)", "example": 1704110400 } } }, "example": { "token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ1cm46dnVsbmV0aXg6dmRiIiwic3ViIjoidXJuOnV1aWQ6MTIzZTQ1NjctZTg5Yi0xMmQzLWE0NTYtNDI2NjE0MTc0MDAwIiwib3JnSWQiOiIxMjNlNDU2Ny1lODliLTEyZDMtYTQ1Ni00MjY2MTQxNzQwMDAiLCJhY2Nlc3NLZXkiOiJ2dWxuZXRpeF9hY2Nlc3NrZXkxMjMiLCJpYXQiOjE3MDQxMDk1MDAsImV4cCI6MTcwNDExMDQwMH0.signature", "iss": "urn:vulnetix:vdb", "sub": "urn:uuid:123e4567-e89b-12d3-a456-426614174000", "exp": 1704110400 } } } }, "401": { "description": "Authentication failed - invalid credentials or signature", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied - credentials inactive or expired", "content": { "application/json": { "schema": { "type": "object", "properties": { "success": { "type": "boolean", "example": false }, "error": { "type": "string", "example": "Access denied from this IP address" } } } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "security": [], "operationId": "getAuthToken" }, "post": { "operationId": "postAuthToken", "summary": "POST auth token (unsupported)", "description": "Authentication uses GET with AWS SigV4. POST is not supported and always returns 400.", "tags": [ "Auth" ], "responses": { "400": { "description": "POST method not supported \u2014 use GET with AWS SigV4 Authorization header", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "security": [] } }, "/info/{identifier}": { "get": { "summary": "Get CVE information", "description": "Returns comprehensive CVE metadata including data source coverage, R2 file tracking, aggregated counts, and resource links. Supports lookups by CVE ID (e.g., CVE-2024-1234). Requires JWT authentication via Bearer token.", "tags": [ "CVE Information" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "parameters": [ { "name": "identifier", "in": "path", "required": true, "schema": { "type": "string" }, "description": "CVE identifier (e.g., CVE-2024-1234 or 2024-1234)", "example": "CVE-2024-1234" } ], "responses": { "200": { "description": "Successful response with CVE information", "content": { "application/json": { "schema": { "type": "object", "required": [ "_identifier", "_timestamp", "cache_hit", "matched", "gcve", "sources", "aliases", "references", "problemTypes", "metrics", "affected", "impacts", "descriptions", "scorecards", "links" ], "properties": { "_identifier": { "type": "string", "description": "The CVE identifier that was queried", "example": "CVE-2024-1234" }, "_timestamp": { "type": "integer", "description": "Current Unix timestamp when response was generated", "example": 1704067200 }, "cache_hit": { "type": "boolean", "description": "Whether the response was served from KV cache (false if database was queried)", "example": false }, "matched": { "type": "boolean", "description": "Whether any CVE record or R2 file was found for this identifier", "example": true }, "gcve": { "type": "boolean", "description": "Whether any data source has a GCVE (Global CVE) issuance record", "example": false }, "lastFetchedAt": { "type": "integer", "nullable": true, "description": "Latest fetch timestamp across all sources (Unix timestamp)", "example": 1704000000 }, "lastEnrichedAt": { "type": "integer", "nullable": true, "description": "Latest enrichment timestamp across all sources (Unix timestamp)", "example": 1704010000 }, "sources": { "type": "array", "description": "List of data sources that have information about this CVE", "items": { "type": "object", "required": [ "name", "processing" ], "properties": { "name": { "type": "string", "description": "Data source name", "enum": [ "mitre", "nist-nvd", "vulncheck-nvd", "vulncheck-kev", "cisa-kev", "ghsa", "osv", "euvd" ], "example": "mitre" }, "processing": { "type": "boolean", "description": "True if only R2 file exists (still processing), false if CVE metadata is available", "example": false } } }, "example": [ { "name": "mitre", "processing": false }, { "name": "nist-nvd", "processing": false } ] }, "aliases": { "type": "array", "description": "List of alias identifiers for this CVE", "items": { "type": "string" }, "example": [ "GHSA-xxxx-xxxx-xxxx", "PYSEC-2024-1234" ] }, "references": { "type": "integer", "description": "Total number of reference URLs across all sources", "example": 42 }, "problemTypes": { "type": "integer", "description": "Total number of problem type/CWE associations across all sources", "example": 3 }, "metrics": { "type": "integer", "description": "Total number of metrics (CVSS scores, SSVC, etc.) across all sources", "example": 5 }, "affected": { "type": "integer", "description": "Total number of affected product records across all sources", "example": 8 }, "impacts": { "type": "integer", "description": "Total number of impact records (CAPEC-based) across all sources", "example": 2 }, "descriptions": { "type": "integer", "description": "Total number of description records across all sources", "example": 4 }, "scorecards": { "type": "integer", "description": "Total number of OpenSSF Scorecard associations across all sources", "example": 1 }, "links": { "type": "array", "description": "Resource links for accessing CVE data", "items": { "type": "object", "required": [ "type", "format", "url" ], "properties": { "type": { "type": "string", "description": "Link type - \"page\" for web UI, or source name for R2 downloads", "example": "mitre" }, "format": { "type": "string", "description": "Data format/schema (e.g., \"http\", \"cvelistV5\", \"osv\", \"nvd-json-2.0\")", "example": "cvelistV5", "default": "http" }, "url": { "type": "string", "format": "uri", "description": "Full URL to the resource", "example": "https://artifacts.vulnetix.com/mitre-cve/files/abc123/CVE-2024-1234.json" } } }, "example": [ { "type": "page", "format": "http", "url": "https://vdb.vulnetix.com/CVE-2024-1234" }, { "type": "mitre", "format": "cvelistV5", "url": "https://artifacts.vulnetix.com/mitre-cve/files/abc123/CVE-2024-1234.json" } ] }, "_links": { "type": "array", "items": { "$ref": "#/components/schemas/APILink" }, "description": "Navigational links to related API endpoints" } } }, "example": { "_identifier": "CVE-2024-1234", "_timestamp": 1704067200, "cache_hit": false, "matched": true, "gcve": false, "lastFetchedAt": 1704000000, "lastEnrichedAt": 1704010000, "sources": [ { "name": "mitre", "processing": false }, { "name": "nist-nvd", "processing": false } ], "aliases": [ "GHSA-xxxx-xxxx-xxxx" ], "references": 42, "problemTypes": 3, "metrics": 5, "affected": 8, "impacts": 2, "descriptions": 4, "scorecards": 1, "links": [ { "type": "page", "format": "http", "url": "https://vdb.vulnetix.com/CVE-2024-1234" }, { "type": "mitre", "format": "cvelistV5", "url": "https://artifacts.vulnetix.com/mitre-cve/files/abc123/CVE-2024-1234.json" } ] } } } }, "401": { "description": "Authentication required - missing or invalid JWT token", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "404": { "description": "CVE not found in any data source", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "getCveInfo" } }, "/vuln/{identifier}": { "get": { "summary": "Get vulnerability data in CVEListV5 format (per source)", "description": "Returns an array of CVEListV5 format records, one for each distinct data source that has information about the vulnerability.\n\nEach record follows the official CVE Record Format schema (CVEListV5) and includes:\n- Core CVE metadata (cveId, state, dates)\n- CNA (CVE Numbering Authority) container with descriptions, affected products, references, CVSS metrics, and problem types\n- ADP (Authorized Data Publisher) containers if available\n- Vulnetix enrichment container with EPSS, CESS, KEV data, AI analyses, aliases, and impacts\n\nThis endpoint is useful for:\n- Understanding how different sources describe the same vulnerability\n- Comparing CVSS scores across sources\n- Accessing source-specific affected product information\n- Getting the most comprehensive view of a vulnerability\n\nRequires JWT authentication via Bearer token.", "tags": [ "Vulnerability Data" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "parameters": [ { "name": "identifier", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Vulnerability identifier. Supports all identifiers stored in CVEMetadata including: CVE-* (Common Vulnerabilities and Exposures), GHSA-* (GitHub Security Advisory), PYSEC-* (Python Security), RUSTSEC-* (Rust Security), GO-* (Go vulnerabilities), OSV-* (Open Source Vulnerabilities), EUVD-* (EU Vulnerability Database), and any other ecosystem-specific identifiers.", "example": "CVE-2024-1234" } ], "responses": { "200": { "description": "Successful response with array of CVEListV5 format records", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/CVEListV5Record" } }, "example": [ { "dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": { "cveId": "CVE-2024-1234", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "datePublished": "2024-01-15T10:30:00Z", "dateUpdated": "2024-01-20T14:22:00Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "title": "Buffer overflow in Example Library", "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability in Example Library 1.2.3 allows remote attackers to execute arbitrary code." } ], "affected": [], "references": [ { "url": "https://example.com/advisory", "name": "Vendor Advisory", "tags": [ "vendor-advisory" ] } ], "problemTypes": [ { "descriptions": [ { "type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Improper Restriction of Operations within the Bounds of a Memory Buffer" } ] } ], "metrics": [ { "cvssV3_1": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" } } ] }, "adp": [ { "providerMetadata": { "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "VVD" }, "title": "Vulnetix Vulnerability Database Enrichment", "x_generatorVersion": "0.2.0", "x_generatedAt": "2024-01-21T09:15:00Z", "x_enrichmentSource": "Vulnetix Vulnerability Database", "x_dataSource": "mitre", "x_dataCollected": [ "descriptions", "metrics", "references", "epss" ], "x_epss": { "score": 0.02456, "percentile": 0.86234, "date": "2024-01-20", "modelVersion": "v2023.03.01" }, "x_aliases": [ "GHSA-xxxx-yyyy-zzzz" ] } ] } } ] } } }, "400": { "description": "Invalid request - missing identifier", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "401": { "description": "Authentication required - missing or invalid JWT token", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "404": { "description": "Vulnerability not found in any data source", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "getVuln" } }, "/exploits/{identifier}": { "get": { "summary": "Get exploit and sighting data", "description": "Returns enriched exploit records for a given vulnerability identifier including:\n\n- **ExploitDB** - Verified proof-of-concept exploits with raw exploit code\n- **Metasploit** - Weaponized exploitation modules from Metasploit Framework\n- **Nuclei Templates** - Detection and exploitation templates from ProjectDiscovery\n- **VulnerabilityLab** - Research-grade exploit publications\n- **VulnCheck XDB** - Known exploited vulnerabilities database\n- **CrowdSec** - Real-world attack sightings and IP intelligence\n- **GitHub PoCs** - Community-contributed proof-of-concept code\n\nEach exploit record includes full details, metadata, and raw templates/code when available from R2 storage.\n\nSupports lookups by CVE ID (e.g., CVE-2024-1234) and other vulnerability identifiers. Requires JWT authentication via Bearer token.", "tags": [ "Exploit Intelligence" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "parameters": [ { "name": "identifier", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Vulnerability identifier (e.g., CVE-2024-1234, 2024-1234, GHSA-xxxx-xxxx-xxxx)", "example": "CVE-2024-1234" }, { "name": "include_content", "in": "query", "required": false, "schema": { "type": "boolean", "default": false }, "description": "When true, includes raw exploit content (metasploit modules, PoC code, ExploitDB entries) fetched from R2 storage" } ], "responses": { "200": { "description": "Successful response with exploit data", "content": { "application/json": { "schema": { "type": "object", "required": [ "identifier", "timestamp", "count", "summary", "exploits" ], "properties": { "identifier": { "type": "string", "description": "Normalized vulnerability identifier", "example": "CVE-2024-1234" }, "timestamp": { "type": "integer", "description": "Unix timestamp when response was generated", "example": 1704067200 }, "count": { "type": "integer", "description": "Total number of exploit records found", "example": 15 }, "summary": { "type": "object", "description": "Count breakdown by exploit source", "properties": { "exploitDb": { "type": "integer", "description": "ExploitDB records", "example": 3 }, "metasploit": { "type": "integer", "description": "Metasploit modules", "example": 2 }, "nuclei": { "type": "integer", "description": "Nuclei templates", "example": 1 }, "vulnerabilityLab": { "type": "integer", "description": "VulnerabilityLab records", "example": 1 }, "vulnCheckXDB": { "type": "integer", "description": "VulnCheck XDB records", "example": 1 }, "vulnCheckReportedExploitation": { "type": "integer", "description": "VulnCheck Reported Exploitation records", "example": 0 }, "crowdSec": { "type": "integer", "description": "CrowdSec sightings", "example": 5 }, "github": { "type": "integer", "description": "GitHub PoCs", "example": 2 }, "other": { "type": "integer", "description": "Other exploit references", "example": 0 } } }, "exploits": { "type": "array", "description": "Array of enriched exploit records (sorted by date, most recent first)", "items": { "type": "object", "properties": { "uuid": { "type": "string", "description": "Unique identifier for this record" }, "cveId": { "type": "string", "description": "CVE identifier" }, "source": { "type": "string", "description": "Data source name" }, "url": { "type": "string", "description": "Reference URL" }, "type": { "type": "string", "description": "Reference type (exploit, poc, sighting)" }, "referenceSource": { "type": "string", "description": "Reference source attribution" }, "title": { "type": "string", "description": "Exploit title or description" }, "createdAt": { "type": "integer", "description": "Unix timestamp when created" }, "httpStatus": { "type": "integer", "nullable": true, "description": "HTTP status of reference URL" }, "deadLink": { "type": "boolean", "description": "Whether the reference URL is a dead link" }, "exploitDb": { "type": "object", "description": "ExploitDB enrichment data", "properties": { "id": { "type": "string", "description": "ExploitDB ID", "example": "51234" }, "author": { "type": "string", "description": "Exploit author" }, "date": { "type": "integer", "description": "Publication date (Unix timestamp)" }, "platform": { "type": "string", "description": "Target platform", "example": "linux" }, "type": { "type": "string", "description": "Exploit type", "example": "remote" }, "port": { "type": "integer", "description": "Target port number", "example": 80 }, "verified": { "type": "boolean", "description": "Verified exploit flag" }, "rawUrl": { "type": "string", "description": "URL to raw exploit code" }, "rawContent": { "type": "string", "description": "Raw exploit code (from R2 cache)" }, "r2Path": { "type": "string", "description": "R2 storage path" } } }, "metasploit": { "type": "object", "description": "Metasploit module enrichment", "properties": { "modulePath": { "type": "string", "description": "Module file path", "example": "/modules/exploits/linux/http/apache_exploit.rb" }, "moduleUrl": { "type": "string", "description": "GitHub module URL" }, "rawUrl": { "type": "string", "description": "Raw module content URL" }, "moduleContent": { "type": "string", "description": "Module source code (from R2 cache)" }, "r2Path": { "type": "string", "description": "R2 storage path" } } }, "nuclei": { "type": "object", "description": "Nuclei template enrichment", "properties": { "path": { "type": "string", "description": "Template file path" }, "commitSha": { "type": "string", "description": "Git commit SHA" }, "commitAuthorName": { "type": "string", "description": "Commit author name" }, "commitCommitterName": { "type": "string", "description": "Commit committer name" }, "commitCommitterEmail": { "type": "string", "description": "Committer email" }, "commitMessage": { "type": "string", "description": "Commit message" }, "commentCount": { "type": "integer", "description": "Number of comments" }, "templateUrl": { "type": "string", "description": "GitHub template URL" }, "rawUrl": { "type": "string", "description": "Raw template URL" } } }, "vulnerabilityLab": { "type": "object", "description": "VulnerabilityLab enrichment", "properties": { "id": { "type": "string", "description": "VulnerabilityLab ID" }, "title": { "type": "string", "description": "Document title" }, "createdAt": { "type": "integer", "description": "Release date (Unix timestamp)" }, "updatedAt": { "type": "integer", "description": "Last update date" }, "exploitationTechnique": { "type": "string", "description": "Exploitation technique", "example": "Remote" }, "authenticationType": { "type": "string", "description": "Authentication type" }, "userInteraction": { "type": "string", "description": "User interaction required" }, "author": { "type": "string", "description": "Research author" }, "url": { "type": "string", "description": "VulnerabilityLab URL" } } }, "vulnCheckXDB": { "type": "object", "description": "VulnCheck XDB enrichment", "properties": { "id": { "type": "string", "description": "XDB exploit ID" }, "url": { "type": "string", "description": "Exploit URL" }, "dateAdded": { "type": "integer", "description": "Date added to XDB" }, "exploitType": { "type": "string", "description": "Exploit type" }, "cloneSshUrl": { "type": "string", "description": "Git clone SSH URL" }, "kevId": { "type": "string", "description": "Associated KEV ID" } } }, "crowdSec": { "type": "object", "description": "CrowdSec sighting data", "properties": { "ip": { "type": "string", "description": "IP address", "example": "192.168.1.100" }, "reputation": { "type": "string", "description": "IP reputation", "example": "malicious" }, "confidence": { "type": "string", "description": "Confidence level" }, "backgroundNoiseScore": { "type": "integer", "description": "Background noise score" }, "firstSeen": { "type": "integer", "description": "First seen Unix timestamp" }, "lastSeen": { "type": "integer", "description": "Last seen Unix timestamp" }, "asName": { "type": "string", "description": "AS name" }, "asNum": { "type": "integer", "description": "AS number" }, "country": { "type": "string", "description": "Country code", "example": "US" }, "city": { "type": "string", "description": "City name" }, "latitude": { "type": "number", "description": "Latitude" }, "longitude": { "type": "number", "description": "Longitude" }, "behaviors": { "type": "array", "items": { "type": "string" }, "description": "Attack behaviors" }, "attackDetails": { "type": "array", "items": { "type": "string" }, "description": "Attack details" }, "mitreTechniques": { "type": "array", "items": { "type": "string" }, "description": "MITRE ATT&CK techniques" }, "reverseDns": { "type": "string", "description": "Reverse DNS" }, "targetCountries": { "type": "object", "description": "Target countries JSON object" } } }, "githubPR": { "type": "object", "description": "GitHub Pull Request enrichment" }, "githubCommit": { "type": "object", "description": "GitHub Commit enrichment" }, "githubGist": { "type": "object", "description": "GitHub Gist enrichment" } } } }, "_links": { "type": "array", "items": { "$ref": "#/components/schemas/APILink" }, "description": "Navigational links to related API endpoints" } } }, "example": { "identifier": "CVE-2024-1234", "timestamp": 1704067200, "count": 3, "summary": { "exploitDb": 2, "metasploit": 1, "nuclei": 0, "vulnerabilityLab": 0, "vulnCheckXDB": 0, "vulnCheckReportedExploitation": 0, "crowdSec": 0, "github": 0, "other": 0 }, "exploits": [ { "uuid": "abc123", "cveId": "CVE-2024-1234", "source": "mitre", "url": "https://www.exploit-db.com/exploits/51234", "type": "exploit", "referenceSource": "ExploitDB", "title": "Apache 2.4.50 - Remote Code Execution", "createdAt": 1704000000, "exploitDb": { "id": "51234", "author": "John Doe", "date": 1704000000, "platform": "linux", "type": "remote", "port": 80, "verified": true, "rawUrl": "https://www.exploit-db.com/raw/51234" } } ] } } } }, "401": { "description": "Authentication required - missing or invalid JWT token", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "getExploits" } }, "/product/{name}": { "get": { "summary": "Get product information by package name", "description": "Returns normalized product/package information with all versions and sources across all data tables.\n\nThis endpoint searches the product index view (v_product_index) which aggregates data from:\n- GitHub Repositories (packageName, name)\n- CVE Affected Products (product, packageName)\n- Package Versions (packageName, ecosystem)\n- Dependencies (name, packageEcosystem)\n- CISA KEV (product)\n- VulnCheck KEV (product)\n- CVE Metadata (affectedProduct)\n- OpenSSF Scorecard (repositoryName)\n\nResults are paginated and include source attribution for each version.", "tags": [ "Product/Package API" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "parameters": [ { "name": "name", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Package/product name (case-insensitive)", "example": "express" }, { "name": "limit", "in": "query", "required": false, "schema": { "type": "integer", "minimum": 1, "maximum": 500, "default": 100 }, "description": "Maximum number of results per page (default: 100, max: 500)", "example": 100 }, { "name": "offset", "in": "query", "required": false, "schema": { "type": "integer", "minimum": 0, "default": 0 }, "description": "Number of results to skip for pagination (default: 0)", "example": 0 } ], "responses": { "200": { "description": "Successful response with product information", "content": { "application/json": { "schema": { "type": "object", "required": [ "packageName", "timestamp", "total", "limit", "offset", "hasMore", "versions" ], "properties": { "packageName": { "type": "string", "description": "Normalized package name (lowercase)" }, "timestamp": { "type": "integer", "description": "Unix timestamp when response was generated" }, "total": { "type": "integer", "description": "Total number of versions before pagination" }, "limit": { "type": "integer", "description": "Results per page limit" }, "offset": { "type": "integer", "description": "Number of results skipped" }, "hasMore": { "type": "boolean", "description": "Whether more results are available" }, "versions": { "type": "array", "items": { "type": "object", "properties": { "version": { "type": "string" }, "ecosystem": { "type": "string", "enum": [ "npm", "pypi", "maven", "rubygems", "cargo", "go", "nuget", "generic", "unknown" ] }, "sources": { "type": "array", "items": { "type": "object", "properties": { "sourceTable": { "type": "string" }, "sourceId": { "type": "string" } } } } } } } } }, "example": { "packageName": "express", "timestamp": 1700000000, "total": 523, "limit": 100, "offset": 0, "hasMore": true, "versions": [ { "version": "4.18.2", "ecosystem": "npm", "sources": [ { "sourceTable": "package_version", "sourceId": "uuid-123" }, { "sourceTable": "github_repository", "sourceId": "12345" } ] } ] } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "getProduct" } }, "/product/{name}/{version}": { "get": { "summary": "Get product information for specific version", "description": "Returns normalized product information filtered by package name and version. Includes all ecosystems and sources for that specific version.", "tags": [ "Product/Package API" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "parameters": [ { "name": "name", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Package/product name (case-insensitive)", "example": "express" }, { "name": "version", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Specific version number", "example": "4.18.2" }, { "name": "limit", "in": "query", "required": false, "schema": { "type": "integer", "minimum": 1, "maximum": 500, "default": 100 }, "description": "Maximum number of results per page" }, { "name": "offset", "in": "query", "required": false, "schema": { "type": "integer", "minimum": 0, "default": 0 }, "description": "Number of results to skip" } ], "responses": { "200": { "description": "Successful response", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ProductResponse" } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "getProductVersion" } }, "/product/{name}/{version}/{ecosystem}": { "get": { "summary": "Get product information for specific version and ecosystem", "description": "Returns normalized product information filtered by package name, version, and ecosystem. Most specific query endpoint.", "tags": [ "Product/Package API" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "parameters": [ { "name": "name", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Package/product name (case-insensitive)", "example": "express" }, { "name": "version", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Specific version number", "example": "4.18.2" }, { "name": "ecosystem", "in": "path", "required": true, "schema": { "type": "string", "enum": [ "npm", "pypi", "maven", "rubygems", "cargo", "go", "nuget", "generic", "unknown" ] }, "description": "Package ecosystem", "example": "npm" }, { "name": "limit", "in": "query", "required": false, "schema": { "type": "integer", "minimum": 1, "maximum": 500, "default": 100 }, "description": "Maximum number of results per page" }, { "name": "offset", "in": "query", "required": false, "schema": { "type": "integer", "minimum": 0, "default": 0 }, "description": "Number of results to skip" } ], "responses": { "200": { "description": "Successful response", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ProductResponse" } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "getProductVersionEcosystem" } }, "/ecosystems": { "get": { "summary": "List all package ecosystems", "description": "Returns list of all supported package ecosystems with usage counts (number of unique packages per ecosystem).", "tags": [ "Enumerations" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "responses": { "200": { "description": "Successful response with ecosystem list", "content": { "application/json": { "schema": { "type": "object", "required": [ "timestamp", "ecosystems" ], "properties": { "timestamp": { "type": "integer", "description": "Unix timestamp when response was generated" }, "ecosystems": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "description": "Ecosystem name" }, "count": { "type": "integer", "description": "Number of unique packages" } } } } } }, "example": { "timestamp": 1700000000, "ecosystems": [ { "name": "npm", "count": 12345 }, { "name": "pypi", "count": 8901 }, { "name": "maven", "count": 5432 } ] } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "getEcosystems" } }, "/sources": { "get": { "summary": "List all CVE data sources", "description": "Returns list of all vulnerability data sources with display metadata and usage counts (number of CVE records per source).", "tags": [ "Enumerations" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "responses": { "200": { "description": "Successful response with source list", "content": { "application/json": { "schema": { "type": "object", "required": [ "timestamp", "sources" ], "properties": { "timestamp": { "type": "integer", "description": "Unix timestamp when response was generated" }, "sources": { "type": "array", "items": { "type": "object", "required": [ "id", "displayName", "shortName", "description", "count" ], "properties": { "id": { "type": "string", "description": "Source identifier used in API queries", "example": "nvd" }, "displayName": { "type": "string", "description": "Human-readable source name", "example": "National Vulnerability Database" }, "shortName": { "type": "string", "description": "Abbreviated source name", "example": "NVD" }, "description": { "type": "string", "description": "Source description", "example": "NIST National Vulnerability Database" }, "count": { "type": "integer", "description": "Number of CVE records from this source" } } } } } }, "example": { "timestamp": 1700000000, "sources": [ { "id": "mitre", "displayName": "MITRE CVE", "shortName": "MITRE", "description": "MITRE CVE database", "count": 250000 }, { "id": "nvd", "displayName": "National Vulnerability Database", "shortName": "NVD", "description": "NIST National Vulnerability Database", "count": 240000 }, { "id": "osv", "displayName": "Open Source Vulnerabilities", "shortName": "OSV", "description": "Open Source Vulnerabilities database", "count": 85000 } ] } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "getSources" } }, "/metric-types": { "get": { "summary": "List CVSS metric types", "description": "Returns list of vulnerability metric/scoring types with usage counts (number of metric records per type).", "tags": [ "Enumerations" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "responses": { "200": { "description": "Successful response with metric type list", "content": { "application/json": { "schema": { "type": "object", "required": [ "timestamp", "metricTypes" ], "properties": { "timestamp": { "type": "integer", "description": "Unix timestamp when response was generated" }, "metricTypes": { "type": "array", "items": { "type": "object", "required": [ "name", "count" ], "properties": { "name": { "type": "string", "description": "Metric type identifier", "enum": [ "cvssV2_0", "cvssV3_0", "cvssV3_1", "cvssV4_0", "ssvc", "other" ] }, "count": { "type": "integer", "description": "Number of metric records of this type" } } } } } }, "example": { "timestamp": 1700000000, "metricTypes": [ { "name": "cvssV3_1", "count": 180000 }, { "name": "cvssV2_0", "count": 120000 }, { "name": "cvssV4_0", "count": 15000 }, { "name": "ssvc", "count": 8000 }, { "name": "other", "count": 500 } ] } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "getMetricTypes" } }, "/exploit-sources": { "get": { "summary": "List exploit reference sources", "description": "Returns list of exploit and reference sources with usage counts (e.g., ExploitDB, Metasploit, Nuclei, CrowdSec, GitHub PoC).", "tags": [ "Enumerations" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "responses": { "200": { "description": "Successful response with exploit source list", "content": { "application/json": { "schema": { "type": "object", "required": [ "timestamp", "exploitSources" ], "properties": { "timestamp": { "type": "integer", "description": "Unix timestamp when response was generated" }, "exploitSources": { "type": "array", "items": { "type": "object", "required": [ "name", "count" ], "properties": { "name": { "type": "string", "description": "Exploit reference source name", "example": "ExploitDB" }, "count": { "type": "integer", "description": "Number of references from this source" } } } } } }, "example": { "timestamp": 1700000000, "exploitSources": [ { "name": "ExploitDB", "count": 45000 }, { "name": "Metasploit", "count": 12000 }, { "name": "nuclei-templates", "count": 8500 }, { "name": "GitHub PoC", "count": 6200 }, { "name": "CROWDSEC", "count": 3100 } ] } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "getExploitSources" } }, "/exploit-types": { "get": { "summary": "List ExploitDB exploit types", "description": "Returns list of ExploitDB exploit classification types with usage counts.", "tags": [ "Enumerations" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "responses": { "200": { "description": "Successful response with exploit type list", "content": { "application/json": { "schema": { "type": "object", "required": [ "timestamp", "exploitTypes" ], "properties": { "timestamp": { "type": "integer", "description": "Unix timestamp when response was generated" }, "exploitTypes": { "type": "array", "items": { "type": "object", "required": [ "name", "count" ], "properties": { "name": { "type": "string", "description": "Exploit type classification", "enum": [ "remote", "local", "dos" ] }, "count": { "type": "integer", "description": "Number of exploits of this type" } } } } } }, "example": { "timestamp": 1700000000, "exploitTypes": [ { "name": "remote", "count": 28000 }, { "name": "local", "count": 12000 }, { "name": "dos", "count": 5000 } ] } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "getExploitTypes" } }, "/fix-distributions": { "get": { "summary": "List supported Linux distributions for fix patches", "description": "Returns the list of Linux distributions whose security advisories are detected and parsed by the fix intelligence endpoint.", "tags": [ "Enumerations" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "responses": { "200": { "description": "Successful response with distribution list", "content": { "application/json": { "schema": { "type": "object", "required": [ "timestamp", "distributions" ], "properties": { "timestamp": { "type": "integer", "description": "Unix timestamp when response was generated" }, "distributions": { "type": "array", "items": { "type": "object", "required": [ "name", "displayName", "advisoryPrefix", "count" ], "properties": { "name": { "type": "string", "description": "Distribution identifier used in API responses", "example": "ubuntu" }, "displayName": { "type": "string", "description": "Human-readable distribution name", "example": "Ubuntu" }, "advisoryPrefix": { "type": "string", "nullable": true, "description": "Advisory ID prefix (e.g., USN, DSA, RHSA)", "example": "USN" }, "count": { "type": "integer", "description": "Number of references matching this distribution" } } } } } }, "example": { "timestamp": 1700000000, "distributions": [ { "name": "ubuntu", "displayName": "Ubuntu", "advisoryPrefix": "USN", "count": 1200 }, { "name": "debian", "displayName": "Debian", "advisoryPrefix": "DSA", "count": 980 }, { "name": "redhat", "displayName": "Red Hat", "advisoryPrefix": "RHSA", "count": 850 }, { "name": "almalinux", "displayName": "AlmaLinux", "advisoryPrefix": "ALSA", "count": 420 }, { "name": "alpine", "displayName": "Alpine Linux", "advisoryPrefix": null, "count": 310 }, { "name": "suse", "displayName": "openSUSE / SUSE", "advisoryPrefix": "openSUSE-SU", "count": 275 }, { "name": "rockylinux", "displayName": "Rocky Linux", "advisoryPrefix": "RLSA", "count": 190 } ] } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "getFixDistributions" } }, "/{package}/versions": { "get": { "summary": "Get all versions for a package", "description": "Returns all known versions for a package across all data sources with pagination support.", "tags": [ "Product/Package API" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "parameters": [ { "name": "package", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Package name (case-insensitive)", "example": "express" }, { "name": "limit", "in": "query", "required": false, "schema": { "type": "integer", "minimum": 1, "maximum": 500, "default": 100 }, "description": "Maximum number of results per page" }, { "name": "offset", "in": "query", "required": false, "schema": { "type": "integer", "minimum": 0, "default": 0 }, "description": "Number of results to skip" } ], "responses": { "200": { "description": "Successful response with version list", "content": { "application/json": { "schema": { "type": "object", "required": [ "packageName", "timestamp", "total", "limit", "offset", "hasMore", "versions" ], "properties": { "packageName": { "type": "string" }, "timestamp": { "type": "integer" }, "total": { "type": "integer", "description": "Total versions before pagination" }, "limit": { "type": "integer" }, "offset": { "type": "integer" }, "hasMore": { "type": "boolean" }, "versions": { "type": "array", "items": { "type": "object", "properties": { "version": { "type": "string" }, "ecosystem": { "type": "string" }, "sources": { "type": "array", "items": { "type": "string" } } } } } } }, "example": { "packageName": "express", "timestamp": 1700000000, "total": 523, "limit": 100, "offset": 0, "hasMore": true, "versions": [ { "version": "4.18.2", "ecosystem": "npm", "sources": [ "package_version", "github_repository" ] } ] } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "getPackageVersions" } }, "/gcve": { "get": { "summary": "Search CVEs by date range", "description": "Returns paginated CVEListV5 records published within a date range. Each record includes full enrichment (EPSS, CESS, KEV, SSVC, exploitation maturity, attack surface, remediation timeline).", "tags": [ "GCVE Search" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "parameters": [ { "name": "start", "in": "query", "required": true, "schema": { "type": "string", "format": "date" }, "description": "Start date (YYYY-MM-DD, inclusive)", "example": "2024-01-01" }, { "name": "end", "in": "query", "required": true, "schema": { "type": "string", "format": "date" }, "description": "End date (YYYY-MM-DD, inclusive)", "example": "2024-01-31" }, { "name": "limit", "in": "query", "schema": { "type": "integer", "default": 100, "minimum": 1, "maximum": 500 }, "description": "Maximum number of records to return" }, { "name": "offset", "in": "query", "schema": { "type": "integer", "default": 0, "minimum": 0 }, "description": "Number of records to skip for pagination" }, { "name": "source", "in": "query", "schema": { "type": "string" }, "description": "Filter by data source (e.g., mitre, nist-nvd, vulncheck-nvd)", "example": "mitre" } ], "responses": { "200": { "description": "Paginated CVEListV5 records within the date range", "content": { "application/json": { "schema": { "type": "object", "required": [ "timestamp", "total", "limit", "offset", "hasMore", "dateRange", "records" ], "properties": { "timestamp": { "type": "integer", "description": "Unix timestamp of response" }, "total": { "type": "integer", "description": "Total matching records" }, "limit": { "type": "integer" }, "offset": { "type": "integer" }, "hasMore": { "type": "boolean" }, "dateRange": { "type": "object", "properties": { "start": { "type": "string", "format": "date" }, "end": { "type": "string", "format": "date" } } }, "records": { "type": "array", "items": { "$ref": "#/components/schemas/CVEListV5Record" } } } } } } }, "400": { "description": "Invalid request parameters", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "searchGcve" } }, "/gcve/{year}/{month}": { "get": { "summary": "List GCVE issuance identifiers by month", "description": "Returns a paginated list of GCVE issuance identifiers (GCVE-VVD-YYYY-NNNN) published in the specified calendar month.", "tags": [ "GCVE Search" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "parameters": [ { "name": "year", "in": "path", "required": true, "schema": { "type": "integer", "minimum": 2020 }, "description": "4-digit publication year", "example": 2025 }, { "name": "month", "in": "path", "required": true, "schema": { "type": "integer", "minimum": 1, "maximum": 12 }, "description": "Publication month (1\u201312)", "example": 3 }, { "name": "limit", "in": "query", "schema": { "type": "integer", "default": 100, "minimum": 1, "maximum": 500 }, "description": "Maximum number of records to return" }, { "name": "offset", "in": "query", "schema": { "type": "integer", "default": 0, "minimum": 0 }, "description": "Number of records to skip for pagination" } ], "responses": { "200": { "description": "Paginated GCVE issuance identifiers for the requested month", "content": { "application/json": { "schema": { "type": "object", "required": [ "timestamp", "year", "month", "total", "limit", "offset", "hasMore", "identifiers" ], "properties": { "timestamp": { "type": "integer", "description": "Unix millisecond timestamp of response" }, "year": { "type": "integer" }, "month": { "type": "integer" }, "total": { "type": "integer", "description": "Total matching issuances" }, "limit": { "type": "integer" }, "offset": { "type": "integer" }, "hasMore": { "type": "boolean" }, "identifiers": { "type": "array", "items": { "type": "object", "required": [ "gcveId", "cveId", "datePublished" ], "properties": { "gcveId": { "type": "string", "example": "GCVE-VVD-2025-0042" }, "cveId": { "type": "string", "example": "CVE-2025-1234" }, "datePublished": { "type": "integer", "description": "Publication timestamp in milliseconds epoch" } } } } } } } } }, "400": { "description": "Invalid request parameters", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "getGcveIssuances" } }, "/summary": { "get": { "summary": "Get global vulnerability database summary", "description": "Returns aggregated all-time statistics for the entire VDB database. Designed as a marketing-grade overview of database coverage and threat landscape. Stats not covered by the enum endpoints: raw row counts, exploit and malware counts, reference URL coverage, EPSS/CESS/CVSS/SSVC coverage ratios, and global top CWEs and vendors.", "tags": [ "Database Summary" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "parameters": [], "responses": { "200": { "description": "Global vulnerability database summary", "content": { "application/json": { "schema": { "type": "object", "required": [ "timestamp", "database", "severity", "coverage", "topCWEs", "topVendors", "enrichment" ], "properties": { "timestamp": { "type": "integer", "description": "Unix timestamp when the response was generated" }, "database": { "type": "object", "description": "Raw row and entity counts across core tables", "properties": { "totalRows": { "type": "integer", "description": "Total rows in CVEMetadata (includes cross-source duplicates)" }, "distinctCveIds": { "type": "integer", "description": "Distinct CVE identifiers across all sources" }, "totalExploits": { "type": "integer", "description": "Total exploit records in the Exploit table" }, "maliciousPackages": { "type": "integer", "description": "CVEs classified as malicious packages (OpenSSF OSS malware feed)" }, "cvesWithExploits": { "type": "integer", "description": "Distinct CVE identifiers that have at least one exploit record" }, "totalReferences": { "type": "integer", "description": "Total reference records across all CVEs" }, "distinctReferenceUrls": { "type": "integer", "description": "Distinct reference URLs across all CVEs" }, "totalKev": { "type": "integer", "description": "Distinct CVE identifiers listed in the CISA KEV catalog" } } }, "severity": { "type": "object", "description": "Global severity distribution (distinct CVEs per level across all CVSS metrics)", "properties": { "critical": { "type": "integer" }, "high": { "type": "integer" }, "medium": { "type": "integer" }, "low": { "type": "integer" }, "none": { "type": "integer" } } }, "coverage": { "type": "object", "description": "Data enrichment coverage — how many distinct CVEs have each data type", "properties": { "withCvss": { "type": "integer", "description": "CVEs with at least one CVSS score" }, "withEpss": { "type": "integer", "description": "CVEs with an EPSS score" }, "withCess": { "type": "integer", "description": "CVEs with a CESS score" }, "withCwe": { "type": "integer", "description": "CVEs with a CWE classification" }, "withCapec": { "type": "integer", "description": "CVEs with a CAPEC attack pattern" }, "withSsvc": { "type": "integer", "description": "CVEs with an SSVC decision metric" }, "noReferences": { "type": "integer", "description": "CVEs with no reference URLs" }, "averageEpss": { "type": "number", "description": "Average EPSS score from the latest model run" }, "highEpss": { "type": "integer", "description": "CVEs with EPSS score >= 0.7 in the latest model run" }, "cvssV2Count": { "type": "integer", "description": "Distinct CVEs with a CVSS v2.0 score" }, "cvssV3Count": { "type": "integer", "description": "Distinct CVEs with a CVSS v3.x score (v3.0 or v3.1)" }, "cvssV4Count": { "type": "integer", "description": "Distinct CVEs with a CVSS v4.0 score" } } }, "topCWEs": { "type": "array", "description": "Top 10 CWE weakness types by distinct CVE count (all-time)", "items": { "type": "object", "properties": { "cweId": { "type": "string" }, "count": { "type": "integer" } } } }, "topVendors": { "type": "array", "description": "Top 10 affected vendors by distinct CVE count (all-time)", "items": { "type": "object", "properties": { "vendor": { "type": "string" }, "count": { "type": "integer" } } } }, "enrichment": { "type": "object", "description": "Enrichment coverage — metrics showing data added beyond baseline cve.org/nvd sources", "properties": { "snortRules": { "type": "integer", "description": "Total Snort IDS/IPS rule records" }, "enrichedIDS": { "type": "integer", "description": "Distinct CVE identifiers with at least one Snort rule" }, "patchableAll": { "type": "integer", "description": "Distinct CVE identifiers with a definite or potential patch (all sources, all prefixes)" }, "patchableCve": { "type": "integer", "description": "Distinct CVE identifiers with a definite or potential patch (CVE- prefix, cve.org/nvd source only)" }, "enrichedCPE": { "type": "integer", "description": "Distinct CVE identifiers with CPE data from enrichment sources (excluding cve.org/nvd)" }, "enrichedPURL": { "type": "integer", "description": "Distinct CVE identifiers with a Package URL (PURL) from any source" }, "enrichedPatchable": { "type": "integer", "description": "Distinct CVE identifiers with a definite or potential patch from enrichment sources (excluding cve.org/nvd)" }, "enrichedCRIT": { "type": "integer", "description": "Total CRIT (Cloud Resource Impact Taxonomy) records" } } } } }, "example": { "timestamp": 1743465600, "database": { "totalRows": 520000, "distinctCveIds": 290000, "totalExploits": 130000, "maliciousPackages": 4200, "cvesWithExploits": 48000, "totalReferences": 1400000, "distinctReferenceUrls": 950000, "totalKev": 1320 }, "severity": { "critical": 14000, "high": 52000, "medium": 98000, "low": 38000, "none": 12000 }, "coverage": { "withCvss": 240000, "withEpss": 195000, "withCess": 50000, "withCwe": 215000, "withCapec": 32000, "withSsvc": 6000, "noReferences": 28000, "averageEpss": 0.082341, "highEpss": 9500, "cvssV2Count": 277000, "cvssV3Count": 370000, "cvssV4Count": 40000 }, "topCWEs": [ { "cweId": "CWE-79", "count": 52000 }, { "cweId": "CWE-89", "count": 24000 }, { "cweId": "CWE-787", "count": 18000 } ], "topVendors": [ { "vendor": "Microsoft", "count": 14000 }, { "vendor": "Google", "count": 11000 } ], "enrichment": { "snortRules": 8500, "enrichedIDS": 3200, "patchableAll": 463000, "patchableCve": 195000, "enrichedCPE": 120000, "enrichedPURL": 580000, "enrichedPatchable": 268000, "enrichedCRIT": 1500 } } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "getSummary" } }, "/vuln/{identifier}/fixes": { "get": { "summary": "Get fix intelligence for a vulnerability", "description": "**Deprecated** \u2014 superseded by the v2 Remediation Plan and its discrete sub-endpoints.\n\nIn v1, this single endpoint aggregated all fix intelligence into one large response. V2 replaces it with `/vuln/{identifier}/remediation-plan`, which returns a prioritized, context-aware action plan that goes beyond patches to include workarounds, vendor advisories, CWE-specific guidance, distribution-level patches, and exploitation timeline data.\n\nFor consumers that need targeted data rather than the full plan, each dimension is also available as a standalone endpoint \u2014 `/fixes/registry`, `/fixes/distributions`, `/fixes/source`, `/workarounds`, `/advisories`, `/cwe-guidance`, `/kev`, `/timeline`, `/affected`, and `/scorecard` \u2014 enabling lighter, more efficient queries for specific remediation use cases.\n\nSee `/v2/spec` for full documentation.", "tags": [ "Fix Intelligence" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "parameters": [ { "name": "identifier", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Vulnerability identifier (CVE, GHSA, PYSEC, etc.)", "example": "CVE-2024-3094" } ], "responses": { "200": { "description": "Fix intelligence data", "content": { "application/json": { "schema": { "type": "object", "required": [ "identifier", "timestamp", "fixAvailability", "summary", "fixes", "vendorComments", "kevRequiredAction", "cweRemediations", "aiAnalysis", "timeline" ], "properties": { "identifier": { "type": "string" }, "timestamp": { "type": "integer" }, "fixAvailability": { "type": "string", "enum": [ "registry_available", "source_only", "distribution_patch", "no_fix", "multiple" ], "description": "Overall fix availability classification" }, "summary": { "type": "object", "properties": { "registryFixes": { "type": "integer" }, "sourceFixes": { "type": "integer" }, "distributionPatches": { "type": "integer" }, "workarounds": { "type": "integer" }, "vendorAdvisories": { "type": "integer" } } }, "fixes": { "type": "object", "properties": { "registry": { "type": "array", "items": { "type": "object", "properties": { "ecosystem": { "type": "string" }, "displayName": { "type": "string", "description": "Human-readable registry name (e.g., 'Kubernetes Registry', 'npm', 'PyPI')" }, "registryKey": { "type": "string", "description": "Stable unique key for this registry (e.g., 'oci:kubernetes', 'npm')" }, "packageName": { "type": "string" }, "fixedVersions": { "type": "array", "items": { "type": "string" } }, "purl": { "type": "string", "description": "Package URL (PURL)" } } } }, "sourceCode": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string", "enum": [ "commit", "pr" ] }, "url": { "type": "string" }, "sha": { "type": "string" }, "author": { "type": "string" }, "timestamp": { "type": "string" }, "buildFromSourceRequired": { "type": "boolean" } } } }, "distributions": { "type": "array", "items": { "type": "object", "properties": { "distro": { "type": "string" }, "advisoryId": { "type": "string" }, "purl": { "type": "string" }, "url": { "type": "string" } } } }, "solutions": { "type": "array", "items": { "type": "object", "properties": { "lang": { "type": "string" }, "value": { "type": "string" }, "source": { "type": "string" } } } }, "workarounds": { "type": "array", "items": { "type": "object", "properties": { "lang": { "type": "string" }, "value": { "type": "string" }, "source": { "type": "string" } } } }, "configurations": { "type": "array", "items": { "type": "object", "properties": { "lang": { "type": "string" }, "value": { "type": "string" }, "source": { "type": "string" } } } } } }, "vendorComments": { "type": "array", "items": { "type": "object", "properties": { "organization": { "type": "string" }, "comment": { "type": "string" }, "lastModified": { "type": "string" } } } }, "kevRequiredAction": { "type": "string", "nullable": true, "description": "Required action from CISA KEV catalog" }, "cweRemediations": { "type": "array", "items": { "type": "string" }, "description": "Remediation guidance per CWE" }, "aiAnalysis": { "type": "string", "nullable": true, "description": "AI-generated remediation analysis" }, "timeline": { "type": "object", "properties": { "datePublished": { "type": "string", "format": "date-time", "nullable": true }, "firstPatchDate": { "type": "string", "format": "date-time", "nullable": true }, "timeToPatchDays": { "type": "integer", "nullable": true }, "lifecycleStage": { "type": "string", "enum": [ "NEW", "EMERGING", "MATURE", "LEGACY" ] } } }, "_deprecated": { "type": "object", "description": "Deprecation notice pointing to v2 successor endpoints", "properties": { "notice": { "type": "string" }, "successor": { "type": "string", "description": "v2 endpoint path" }, "specUrl": { "type": "string", "format": "uri" }, "specUiUrl": { "type": "string", "format": "uri" } } } } }, "example": { "identifier": "CVE-2024-3094", "timestamp": 1706745600, "fixAvailability": "registry_available", "summary": { "registryFixes": 2, "sourceFixes": 1, "distributionPatches": 3, "workarounds": 1, "vendorAdvisories": 0 }, "fixes": { "registry": [ { "ecosystem": "npm", "displayName": "npm", "registryKey": "npm", "packageName": "xz", "fixedVersions": [ "5.6.2" ], "purl": "pkg:npm/xz@5.6.2" } ], "sourceCode": [ { "type": "commit", "url": "https://github.com/tukaani-project/xz/commit/abc123", "sha": "abc123", "buildFromSourceRequired": false } ], "distributions": [ { "distro": "debian", "advisoryId": "DSA-5649-1", "purl": "pkg:deb/debian/CVE-2024-3094", "url": "https://www.debian.org/security/2024/dsa-5649" } ], "solutions": [ { "lang": "en", "value": "Update to xz >= 5.6.2", "source": "mitre" } ], "workarounds": [ { "lang": "en", "value": "Downgrade to xz 5.4.x", "source": "mitre" } ], "configurations": [] }, "vendorComments": [], "kevRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cweRemediations": [ "Mitigate CWE-506: Review and apply appropriate controls" ], "aiAnalysis": "This vulnerability involves a supply chain compromise...", "timeline": { "datePublished": "2024-03-29T00:00:00.000Z", "firstPatchDate": null, "timeToPatchDays": null, "lifecycleStage": "NEW" } } } } }, "400": { "description": "Invalid request parameters", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "404": { "description": "Resource not found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "deprecated": true, "operationId": "getVulnFixes" } }, "/{package}/vulns": { "get": { "summary": "Get all versions with CVE IDs for a package", "description": "Returns all known versions for a package with associated CVE identifiers. Includes pagination and total CVE count.", "tags": [ "Product/Package API" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "parameters": [ { "name": "package", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Package name (case-insensitive)", "example": "express" }, { "name": "limit", "in": "query", "required": false, "schema": { "type": "integer", "minimum": 1, "maximum": 500, "default": 100 }, "description": "Maximum number of results per page" }, { "name": "offset", "in": "query", "required": false, "schema": { "type": "integer", "minimum": 0, "default": 0 }, "description": "Number of results to skip" } ], "responses": { "200": { "description": "Successful response with versions and CVE IDs", "content": { "application/json": { "schema": { "type": "object", "required": [ "packageName", "timestamp", "totalCVEs", "total", "limit", "offset", "hasMore", "versions" ], "properties": { "packageName": { "type": "string" }, "timestamp": { "type": "integer" }, "totalCVEs": { "type": "integer", "description": "Total unique CVEs affecting this package" }, "total": { "type": "integer", "description": "Total versions before pagination" }, "limit": { "type": "integer" }, "offset": { "type": "integer" }, "hasMore": { "type": "boolean" }, "versions": { "type": "array", "items": { "type": "object", "properties": { "version": { "type": "string" }, "ecosystem": { "type": "string" }, "sources": { "type": "array", "items": { "type": "string" } }, "cveIds": { "type": "array", "items": { "type": "string" } } } } } } }, "example": { "packageName": "express", "timestamp": 1700000000, "totalCVEs": 42, "total": 523, "limit": 100, "offset": 0, "hasMore": true, "versions": [ { "version": "4.17.1", "ecosystem": "npm", "sources": [ "cve_affected", "package_version" ], "cveIds": [ "CVE-2024-1234", "CVE-2024-5678" ] } ] } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "getPackageVulns" } }, "/identifiers/{year}/{month}": { "get": { "summary": "List CVE identifiers by publication month", "description": "Returns a paginated list of distinct CVE identifiers published in the specified calendar month.", "tags": [ "Identifiers" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "parameters": [ { "name": "year", "in": "path", "required": true, "schema": { "type": "integer", "minimum": 1999 }, "description": "4-digit publication year", "example": 2024 }, { "name": "month", "in": "path", "required": true, "schema": { "type": "integer", "minimum": 1, "maximum": 12 }, "description": "Publication month (1\u201312)", "example": 3 }, { "name": "limit", "in": "query", "schema": { "type": "integer", "default": 100, "minimum": 1, "maximum": 500 }, "description": "Maximum number of records to return" }, { "name": "offset", "in": "query", "schema": { "type": "integer", "default": 0, "minimum": 0 }, "description": "Number of records to skip for pagination" } ], "responses": { "200": { "description": "Paginated CVE identifiers for the requested month", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/IdentifiersMonthResponse" } } } }, "400": { "description": "Invalid request parameters", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "getIdentifiers" } }, "/identifiers": { "get": { "summary": "Search CVE identifiers by prefix", "description": "Returns a paginated list of distinct CVE identifiers matching the given prefix (case-insensitive).", "tags": [ "Identifiers" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "parameters": [ { "name": "prefix", "in": "query", "required": true, "schema": { "type": "string", "minLength": 3, "maxLength": 50 }, "description": "Case-insensitive prefix to match against CVE identifiers", "example": "CVE-2024-1" }, { "name": "limit", "in": "query", "schema": { "type": "integer", "default": 100, "minimum": 1, "maximum": 500 }, "description": "Maximum number of records to return" }, { "name": "offset", "in": "query", "schema": { "type": "integer", "default": 0, "minimum": 0 }, "description": "Number of records to skip for pagination" } ], "responses": { "200": { "description": "Paginated CVE identifiers matching the prefix", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/IdentifiersSearchResponse" } } } }, "400": { "description": "Invalid request parameters", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "searchIdentifiers" } }, "/exploits": { "get": { "summary": "Search CVEs with exploit intelligence", "description": "Paginated search across CVEs that have exploit data from any source. Returns enriched exploit intelligence including CVSS metrics, EPSS/CESS scores, KEV status, CrowdSec sightings, exploitation maturity classification, exploit triviality assessment, affected products, fix availability, and detailed timeline.\n\nSupports filtering by ecosystem, exploit source, CVSS severity, KEV presence, EPSS threshold, and free-text search. Results can be sorted by recency, EPSS score, severity, or exploitation maturity.\n\nMaximum 100 results per page.", "tags": [ "Exploit Intelligence" ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "parameters": [ { "name": "limit", "in": "query", "schema": { "type": "integer", "default": 100, "minimum": 1, "maximum": 100 }, "description": "Results per page (max 100)" }, { "name": "offset", "in": "query", "schema": { "type": "integer", "default": 0, "minimum": 0 }, "description": "Pagination offset" }, { "name": "ecosystem", "in": "query", "schema": { "type": "string" }, "description": "Filter by ecosystem (e.g., npm, pypi, maven, go)", "example": "npm" }, { "name": "source", "in": "query", "schema": { "type": "string", "enum": [ "exploitdb", "metasploit", "nuclei", "vulncheck-xdb", "crowdsec", "github", "poc" ] }, "description": "Filter by exploit source" }, { "name": "severity", "in": "query", "schema": { "type": "string", "enum": [ "CRITICAL", "HIGH", "MEDIUM", "LOW" ] }, "description": "Filter by CVSS severity" }, { "name": "inKev", "in": "query", "schema": { "type": "boolean" }, "description": "Only include CVEs listed in CISA KEV" }, { "name": "minEpss", "in": "query", "schema": { "type": "number", "minimum": 0, "maximum": 1 }, "description": "Minimum EPSS score threshold (0.0-1.0)", "example": 0.5 }, { "name": "q", "in": "query", "schema": { "type": "string" }, "description": "Free-text search (CVE ID, title)", "example": "log4j" }, { "name": "sort", "in": "query", "schema": { "type": "string", "enum": [ "recent", "epss", "severity", "maturity" ], "default": "recent" }, "description": "Sort order" } ], "responses": { "200": { "description": "Paginated exploit intelligence results", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExploitSearchResponse" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "searchExploits" } }, "/packages/search": { "get": { "summary": "Search packages by name", "description": "Partial name search across all indexed packages with safe harbour scoring, exploitation signals, scorecard data, and provenance information.", "tags": [ "Packages" ], "parameters": [ { "name": "q", "in": "query", "required": true, "schema": { "type": "string", "minLength": 3 }, "description": "Search query (minimum 3 characters)" }, { "name": "ecosystem", "in": "query", "required": false, "schema": { "type": "string" }, "description": "Filter by ecosystem (npm, pypi, go, maven, etc.)" }, { "name": "limit", "in": "query", "required": false, "schema": { "type": "integer", "default": 100, "maximum": 100, "minimum": 1 }, "description": "Maximum results per page" }, { "name": "offset", "in": "query", "required": false, "schema": { "type": "integer", "default": 0, "minimum": 0 }, "description": "Number of results to skip" } ], "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ], "responses": { "200": { "description": "Package search results", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PackageSearchResponse" } } } }, "400": { "description": "Invalid query parameter", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "operationId": "searchPackages" } }, "/{ecosystem}/{package}": { "get": { "operationId": "getEcosystemPackage", "summary": "Get package information by ecosystem", "description": "Searches for a package by name within a specific ecosystem namespace. Supports lazy loading from deps.dev when no local data exists.", "tags": [ "Ecosystem" ], "security": [ { "BearerAuth": [] }, { "ApiKeyAuth": [] } ], "parameters": [ { "name": "ecosystem", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Ecosystem name (e.g., npm, pypi, maven)" }, { "name": "package", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Package name (case-insensitive)" }, { "name": "limit", "in": "query", "schema": { "type": "integer", "default": 100, "maximum": 500 }, "description": "Maximum number of results to return" }, { "name": "offset", "in": "query", "schema": { "type": "integer", "default": 0 }, "description": "Number of results to skip" } ], "responses": { "200": { "description": "Package entries found", "content": { "application/json": { "schema": { "type": "object", "properties": { "data": { "type": "array", "items": { "type": "object", "properties": { "packageName": { "type": "string" }, "version": { "type": [ "string", "null" ] }, "ecosystem": { "type": "string" }, "sourceTable": { "type": "string" }, "sourceId": { "type": "string" } } } }, "pagination": { "type": "object", "properties": { "limit": { "type": "integer" }, "offset": { "type": "integer" }, "hasMore": { "type": "boolean" }, "total": { "type": "integer" } } } } } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "404": { "description": "Package not found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/{ecosystem}/{package}/versions": { "get": { "operationId": "getEcosystemPackageVersions", "summary": "Get all versions of a package within an ecosystem", "description": "Returns all known versions of a package, combining data from the product index and CVE affected data.", "tags": [ "Ecosystem" ], "security": [ { "BearerAuth": [] }, { "ApiKeyAuth": [] } ], "parameters": [ { "name": "ecosystem", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Ecosystem name" }, { "name": "package", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Package name (case-insensitive)" }, { "name": "limit", "in": "query", "schema": { "type": "integer", "default": 100, "maximum": 500 }, "description": "Maximum number of results to return" }, { "name": "offset", "in": "query", "schema": { "type": "integer", "default": 0 }, "description": "Number of results to skip" } ], "responses": { "200": { "description": "Version list", "content": { "application/json": { "schema": { "type": "object", "properties": { "data": { "type": "array", "items": { "type": "object", "properties": { "version": { "type": "string" }, "ecosystem": { "type": "string" }, "sources": { "type": "array", "items": { "type": "string" } } } } }, "pagination": { "type": "object", "properties": { "limit": { "type": "integer" }, "offset": { "type": "integer" }, "hasMore": { "type": "boolean" }, "total": { "type": "integer" } } } } } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/{ecosystem}/{group}/{artifact}": { "get": { "operationId": "getEcosystemGroupPackage", "summary": "Get package information by group and artifact", "description": "For Maven-style group/artifact package names. Searches using both colon and slash separators (e.g., org.springframework:spring-core).", "tags": [ "Ecosystem" ], "security": [ { "BearerAuth": [] }, { "ApiKeyAuth": [] } ], "parameters": [ { "name": "ecosystem", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Ecosystem name (e.g., maven)" }, { "name": "group", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Group/organization name (e.g., org.springframework)" }, { "name": "artifact", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Artifact name (e.g., spring-core)" }, { "name": "limit", "in": "query", "schema": { "type": "integer", "default": 100, "maximum": 500 }, "description": "Maximum number of results to return" }, { "name": "offset", "in": "query", "schema": { "type": "integer", "default": 0 }, "description": "Number of results to skip" } ], "responses": { "200": { "description": "Package entries found", "content": { "application/json": { "schema": { "type": "object", "properties": { "data": { "type": "array", "items": { "type": "object", "properties": { "packageName": { "type": "string" }, "version": { "type": [ "string", "null" ] }, "ecosystem": { "type": "string" }, "sourceTable": { "type": "string" }, "sourceId": { "type": "string" } } } }, "pagination": { "type": "object", "properties": { "limit": { "type": "integer" }, "offset": { "type": "integer" }, "hasMore": { "type": "boolean" }, "total": { "type": "integer" } } } } } } } }, "401": { "description": "Authentication required", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "403": { "description": "Access denied \u2014 organization inactive", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "404": { "description": "Package not found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "429": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/eol/products": { "get": { "summary": "List all tracked software products", "description": "Returns a paginated list of software products with lifecycle tracking data from endoflife.date. Filter by category, tag, or search by name.", "tags": [ "End-of-Life" ], "parameters": [ { "name": "category", "in": "query", "schema": { "type": "string" }, "description": "Filter by product category (e.g., lang, framework, os, app, database, server-app, service, device, standard)" }, { "name": "tag", "in": "query", "schema": { "type": "string" }, "description": "Filter by product tag" }, { "name": "search", "in": "query", "schema": { "type": "string" }, "description": "Search by product name or label (case-insensitive)" }, { "name": "limit", "in": "query", "schema": { "type": "integer", "default": 100, "maximum": 500 }, "description": "Maximum number of results to return" }, { "name": "offset", "in": "query", "schema": { "type": "integer", "default": 0 }, "description": "Number of results to skip" } ], "responses": { "200": { "description": "Paginated list of products", "content": { "application/json": { "schema": { "type": "object", "properties": { "timestamp": { "type": "integer" }, "total": { "type": "integer" }, "limit": { "type": "integer" }, "offset": { "type": "integer" }, "hasMore": { "type": "boolean" }, "products": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "example": "python" }, "label": { "type": "string", "example": "Python" }, "category": { "type": "string", "example": "lang" }, "tags": { "type": "array", "items": { "type": "string" } }, "icon": { "type": "string", "nullable": true }, "releaseCount": { "type": "integer" }, "maintainedCount": { "type": "integer" } } } }, "_links": { "type": "array", "items": { "$ref": "#/components/schemas/APILink" }, "description": "Navigational links to related API endpoints" } } } } } }, "401": { "$ref": "#/components/responses/Unauthorized" }, "429": { "$ref": "#/components/responses/RateLimited" } }, "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ] } }, "/eol/products/{product}": { "get": { "summary": "Get full product lifecycle detail", "description": "Returns complete product information including all releases, identifiers (PURLs, CPEs), lifecycle labels, and external links.", "tags": [ "End-of-Life" ], "parameters": [ { "name": "product", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Product slug (e.g., python, nodejs, ubuntu)", "example": "python" } ], "responses": { "200": { "description": "Full product detail with releases and identifiers", "content": { "application/json": { "schema": { "type": "object", "properties": { "timestamp": { "type": "integer" }, "product": { "type": "object", "properties": { "name": { "type": "string" }, "label": { "type": "string" }, "category": { "type": "string" }, "tags": { "type": "array", "items": { "type": "string" } }, "aliases": { "type": "array", "items": { "type": "string" } }, "versionCommand": { "type": "string", "nullable": true }, "labels": { "type": "object", "properties": { "eoas": { "type": "string", "nullable": true }, "eol": { "type": "string", "nullable": true }, "eoes": { "type": "string", "nullable": true }, "discontinued": { "type": "string", "nullable": true } } }, "links": { "type": "object", "properties": { "icon": { "type": "string", "nullable": true }, "html": { "type": "string" }, "releasePolicy": { "type": "string", "nullable": true } } }, "identifiers": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string", "example": "purl" }, "id": { "type": "string", "example": "pkg:generic/python" } } } }, "releases": { "type": "array", "items": { "$ref": "#/components/schemas/EolRelease" } } } }, "_links": { "type": "array", "items": { "$ref": "#/components/schemas/APILink" }, "description": "Navigational links to related API endpoints" } } } } } }, "401": { "$ref": "#/components/responses/Unauthorized" }, "404": { "$ref": "#/components/responses/NotFound" }, "429": { "$ref": "#/components/responses/RateLimited" } }, "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ] } }, "/eol/products/{product}/releases/{release}": { "get": { "summary": "Get single release lifecycle detail", "description": "Returns lifecycle data for a specific release of a product, including EOL dates, LTS status, maintenance status, and latest patch version.", "tags": [ "End-of-Life" ], "parameters": [ { "name": "product", "in": "path", "required": true, "schema": { "type": "string" }, "example": "python" }, { "name": "release", "in": "path", "required": true, "schema": { "type": "string" }, "description": "Release name (e.g., 3.12, 22.04)", "example": "3.12" } ], "responses": { "200": { "description": "Release detail", "content": { "application/json": { "schema": { "type": "object", "properties": { "timestamp": { "type": "integer" }, "productName": { "type": "string" }, "release": { "$ref": "#/components/schemas/EolRelease" }, "_links": { "type": "array", "items": { "$ref": "#/components/schemas/APILink" }, "description": "Navigational links to related API endpoints" } } } } } }, "401": { "$ref": "#/components/responses/Unauthorized" }, "404": { "$ref": "#/components/responses/NotFound" }, "429": { "$ref": "#/components/responses/RateLimited" } }, "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ] } }, "/eol/categories": { "get": { "summary": "List product categories with counts", "description": "Returns all product categories (lang, framework, os, etc.) with the number of tracked products in each.", "tags": [ "End-of-Life" ], "responses": { "200": { "description": "Category list with product counts", "content": { "application/json": { "schema": { "type": "object", "properties": { "timestamp": { "type": "integer" }, "categories": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "example": "lang" }, "count": { "type": "integer", "example": 33 } } } } } } } } }, "401": { "$ref": "#/components/responses/Unauthorized" }, "429": { "$ref": "#/components/responses/RateLimited" } }, "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ] } }, "/eol/identifiers": { "get": { "summary": "Search product identifiers (PURL/CPE)", "description": "Search for products by their PURL, CPE, or Repology identifiers. Useful for cross-referencing vulnerability data with product lifecycle status.", "tags": [ "End-of-Life" ], "parameters": [ { "name": "q", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Search query (matched against identifier strings, case-insensitive)", "example": "pkg:generic/python" }, { "name": "type", "in": "query", "schema": { "type": "string", "enum": [ "purl", "cpe", "repology" ] }, "description": "Filter by identifier type" }, { "name": "limit", "in": "query", "schema": { "type": "integer", "default": 100, "maximum": 500 } }, { "name": "offset", "in": "query", "schema": { "type": "integer", "default": 0 } } ], "responses": { "200": { "description": "Matching identifiers with product info", "content": { "application/json": { "schema": { "type": "object", "properties": { "timestamp": { "type": "integer" }, "total": { "type": "integer" }, "limit": { "type": "integer" }, "offset": { "type": "integer" }, "hasMore": { "type": "boolean" }, "identifiers": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string" }, "identifier": { "type": "string" }, "productName": { "type": "string" }, "productLabel": { "type": "string" }, "category": { "type": "string" } } } } } } } } }, "400": { "description": "Missing required query parameter 'q'", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "401": { "$ref": "#/components/responses/Unauthorized" }, "429": { "$ref": "#/components/responses/RateLimited" } }, "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ] } }, "/scorecard/search": { "get": { "summary": "Search OpenSSF Scorecards by repository name", "description": "Search for OpenSSF Scorecard results by repository name. Returns matching scorecards with overall scores, check details, and linked CVE counts.", "tags": [ "Scorecard" ], "parameters": [ { "name": "q", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Repository name search query (case-insensitive substring match)", "example": "github.com/golang/go" }, { "name": "limit", "in": "query", "schema": { "type": "integer", "default": 20, "maximum": 100 }, "description": "Maximum number of results to return" }, { "name": "offset", "in": "query", "schema": { "type": "integer", "default": 0 }, "description": "Number of results to skip for pagination" } ], "responses": { "200": { "description": "Matching scorecards with check details", "content": { "application/json": { "schema": { "type": "object", "required": [ "query", "results", "total", "limit", "offset", "_links" ], "properties": { "query": { "type": "string", "description": "The search query that was executed" }, "results": { "type": "array", "items": { "type": "object", "required": [ "uuid", "repository", "overallScore", "linkedCves", "checks" ], "properties": { "uuid": { "type": "string", "description": "Unique identifier for this scorecard record" }, "repository": { "type": "string", "description": "Full repository URL or identifier", "example": "github.com/golang/go" }, "overallScore": { "type": "number", "description": "Aggregate scorecard score (0-10)" }, "date": { "type": "string", "nullable": true, "description": "Date the scorecard was generated" }, "scorecardVersion": { "type": "string", "nullable": true, "description": "Version of the scorecard tool used" }, "repositoryCommit": { "type": "string", "nullable": true, "description": "Git commit SHA that was analyzed" }, "linkedCves": { "type": "integer", "description": "Number of CVEs linked to this repository" }, "checks": { "type": "array", "description": "Individual scorecard check results", "items": { "type": "object", "required": [ "name", "score", "reason", "shortDescription", "documentationUrl" ], "properties": { "name": { "type": "string", "description": "Check name", "example": "Code-Review" }, "score": { "type": "integer", "description": "Check score (0-10)" }, "reason": { "type": "string", "description": "Human-readable explanation of the score" }, "shortDescription": { "type": "string", "description": "Brief description of what this check evaluates" }, "documentationUrl": { "type": "string", "description": "URL to the check's documentation" }, "details": { "type": "string", "nullable": true, "description": "Additional details about the check result" } } } } } } }, "total": { "type": "integer", "description": "Total number of matching results" }, "limit": { "type": "integer", "description": "Maximum results per page" }, "offset": { "type": "integer", "description": "Current pagination offset" }, "_links": { "type": "array", "description": "HATEOAS navigation links", "items": { "type": "object", "properties": { "rel": { "type": "string" }, "href": { "type": "string" } } } } } } } } }, "400": { "description": "Missing required query parameter 'q'", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "401": { "$ref": "#/components/responses/Unauthorized" }, "429": { "$ref": "#/components/responses/RateLimited" } }, "security": [ { "ApiKeyAuth": [] }, { "BearerAuth": [] } ] } } }, "tags": [ { "name": "Authentication", "description": "Enterprise authentication using AWS Signature Version 4 (SigV4) with SHA-512 algorithm for VdbOrganization credential exchange to JWT tokens. Your VdbOrganization UUID serves as the access key, and your VdbOrganization Secret is the signing key. Tokens expire in 15 minutes and must be refreshed via this endpoint.", "externalDocs": { "description": "AWS Signature Version 4 Signing Process", "url": "https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html" } }, { "name": "CVE Information", "description": "Unified CVE metadata and data source information" }, { "name": "Vulnerability Data", "description": "CVEListV5 format vulnerability records per data source" }, { "name": "Exploit Intelligence", "description": "Deep exploit research intelligence including per-CVE exploit data, sighting analysis, exploitation maturity scoring, triviality classification, and paginated cross-CVE search with CVSS/EPSS/KEV/CrowdSec enrichment." }, { "name": "Product/Package API", "description": "Normalized product and package information across all data sources with version tracking and CVE associations" }, { "name": "GCVE Search", "description": "Date range CVE search returning paginated CVEListV5 records with full enrichment" }, { "name": "Database Summary", "description": "Global all-time database statistics: raw entity counts, severity distribution, enrichment coverage, exploit and malware counts, top CWEs and vendors" }, { "name": "Fix Intelligence", "description": "Comprehensive fix and remediation data aggregated from all sources. **Deprecated in favor of v2 discrete remediation endpoints** \u2014 see the v2 Remediation Plan (`/vuln/{identifier}/remediation-plan`) and its standalone sub-endpoints for the replacement API." }, { "name": "Enumerations", "description": "Reference lists of valid enumerated values (data sources, severity levels, metric types, CVE states) with usage counts" }, { "name": "Identifiers", "description": "CVE identifier listing and search" }, { "name": "End-of-Life", "description": "Software product lifecycle data from endoflife.date \u2014 release dates, EOL dates, LTS status, maintenance status, and PURL/CPE identifier mappings for ~445 products" }, { "name": "Scorecard", "description": "OpenSSF Scorecard data \u2014 security health metrics for open source repositories including individual check scores, overall ratings, and CVE linkage" } ], "components": { "securitySchemes": { "BearerAuth": { "type": "http", "scheme": "bearer", "bearerFormat": "JWT", "description": "JWT token obtained from /v1/auth/token endpoint using AWS SigV4 signed request with your VdbOrganization credentials (VdbOrganization UUID + Secret)" }, "SigV4": { "type": "apiKey", "in": "header", "name": "Authorization", "description": "AWS Signature Version 4 (SHA-512) authentication. Use your VdbOrganization UUID as the access key in the credential scope. Format: AWS4-HMAC-SHA512 Credential=/YYYYMMDD/us-east-1/vdb/aws4_request, SignedHeaders=x-amz-date, Signature=" }, "ApiKeyAuth": { "type": "apiKey", "in": "header", "name": "Authorization", "description": "Static API key derived from your VdbOrganization credentials. Format: `ApiKey :` where `sha256-hex = HMAC-SHA256(key=secret, data=orgId)`. No expiry \u2014 rotate by changing your VdbOrganization secret." } }, "schemas": { "EolRelease": { "type": "object", "properties": { "name": { "type": "string", "example": "3.12" }, "codename": { "type": "string", "nullable": true }, "label": { "type": "string", "example": "3.12" }, "releaseDate": { "type": "string", "nullable": true, "example": "2023-10-02" }, "isLts": { "type": "boolean" }, "ltsFrom": { "type": "string", "nullable": true }, "isEoas": { "type": "boolean", "description": "End of active support" }, "eoasFrom": { "type": "string", "nullable": true }, "isEol": { "type": "boolean", "description": "End of life (security support)" }, "eolFrom": { "type": "string", "nullable": true, "example": "2028-10-31" }, "isEoes": { "type": "boolean", "nullable": true, "description": "End of extended support" }, "eoesFrom": { "type": "string", "nullable": true }, "isDiscontinued": { "type": "boolean", "nullable": true }, "discontinuedFrom": { "type": "string", "nullable": true }, "isMaintained": { "type": "boolean" }, "latest": { "type": "object", "nullable": true, "properties": { "name": { "type": "string", "example": "3.12.13" }, "date": { "type": "string", "example": "2026-03-03" }, "link": { "type": "string", "nullable": true } } }, "custom": { "type": "object", "nullable": true, "additionalProperties": true, "description": "Product-specific custom fields (varies per product)" }, "_links": { "type": "array", "items": { "$ref": "#/components/schemas/APILink" }, "description": "Navigational links to related API endpoints" } } }, "JWTToken": { "type": "object", "required": [ "token", "iss", "sub", "exp" ], "properties": { "token": { "type": "string", "description": "JWT token string (HS512 signed, 15 minute expiration)" }, "iss": { "type": "string", "description": "Token issuer URN" }, "sub": { "type": "string", "description": "VdbOrganization UUID URN for client validation" }, "exp": { "type": "integer", "description": "Token expiration Unix timestamp" } } }, "ProductResponse": { "type": "object", "required": [ "packageName", "timestamp", "total", "limit", "offset", "hasMore", "versions" ], "properties": { "packageName": { "type": "string", "description": "Normalized package name (lowercase)" }, "ecosystem": { "type": "string", "description": "Package ecosystem filter (if specified)" }, "timestamp": { "type": "integer", "description": "Unix timestamp when response was generated" }, "total": { "type": "integer", "description": "Total number of versions before pagination" }, "limit": { "type": "integer", "description": "Results per page limit" }, "offset": { "type": "integer", "description": "Number of results skipped" }, "hasMore": { "type": "boolean", "description": "Whether more results are available" }, "versions": { "type": "array", "items": { "type": "object", "properties": { "version": { "type": "string" }, "ecosystem": { "type": "string" }, "sources": { "type": "array", "items": { "type": "object", "properties": { "sourceTable": { "type": "string" }, "sourceId": { "type": "string" } } } } } } }, "_links": { "type": "array", "items": { "$ref": "#/components/schemas/APILink" }, "description": "Navigational links to related API endpoints" } } }, "CVEListV5Record": { "type": "object", "required": [ "dataType", "dataVersion", "cveMetadata", "containers" ], "properties": { "dataType": { "type": "string", "enum": [ "CVE_RECORD" ], "description": "Type of record (always CVE_RECORD)", "example": "CVE_RECORD" }, "dataVersion": { "type": "string", "description": "CVE schema version", "example": "5.1" }, "cveMetadata": { "type": "object", "required": [ "cveId", "assignerOrgId", "state" ], "properties": { "cveId": { "type": "string", "description": "CVE identifier", "example": "CVE-2024-1234" }, "assignerOrgId": { "type": "string", "description": "UUID of the assigning CNA", "example": "8254265b-2729-46b6-b9e3-3dfca2d5bfca" }, "state": { "type": "string", "enum": [ "PUBLISHED", "REJECTED" ], "example": "PUBLISHED" }, "datePublished": { "type": "string", "format": "date-time", "description": "ISO 8601 date when CVE was published", "example": "2024-01-15T10:30:00Z" }, "dateUpdated": { "type": "string", "format": "date-time", "description": "ISO 8601 date when CVE was last updated", "example": "2024-01-20T14:22:00Z" } } }, "containers": { "type": "object", "required": [ "cna" ], "properties": { "cna": { "type": "object", "description": "CNA (CVE Numbering Authority) container with core vulnerability information", "properties": { "providerMetadata": { "type": "object", "properties": { "orgId": { "type": "string" }, "shortName": { "type": "string" } } }, "title": { "type": "string" }, "descriptions": { "type": "array", "items": { "type": "object", "properties": { "lang": { "type": "string", "example": "en" }, "value": { "type": "string" } } } }, "affected": { "type": "array", "description": "Affected products and version ranges", "items": { "type": "object" } }, "references": { "type": "array", "description": "Reference URLs and advisories", "items": { "type": "object", "properties": { "url": { "type": "string", "format": "uri" }, "name": { "type": "string" }, "tags": { "type": "array", "items": { "type": "string" } } } } }, "problemTypes": { "type": "array", "description": "CWE classifications", "items": { "type": "object" } }, "metrics": { "type": "array", "description": "CVSS scores (v2.0, v3.0, v3.1, v4.0)", "items": { "type": "object" } } } }, "adp": { "type": "array", "description": "ADP (Authorized Data Publisher) containers including Vulnetix enrichment (orgId: 8254265b-2729-46b6-b9e3-3dfca2d5bfca)", "items": { "type": "object", "properties": { "providerMetadata": { "type": "object", "properties": { "orgId": { "type": "string", "format": "uuid" }, "shortName": { "type": "string" } } }, "title": { "type": "string" }, "x_generatorVersion": { "type": "string", "example": "0.2.0" }, "x_generatedAt": { "type": "string", "format": "date-time" }, "x_enrichmentSource": { "type": "string", "example": "Vulnetix Vulnerability Database" }, "x_dataSource": { "type": "string", "description": "The specific source this record came from", "example": "nist-nvd" }, "x_dataCollected": { "type": "array", "description": "List of data types included in this record", "items": { "type": "string" }, "example": [ "descriptions", "metrics", "affected", "references", "epss", "cess", "kev", "scorecard" ] }, "x_epss": { "type": "object", "description": "EPSS (Exploit Prediction Scoring System) data", "properties": { "score": { "type": "number" }, "percentile": { "type": "number" }, "date": { "type": "string" }, "modelVersion": { "type": "string" } } }, "x_cess": { "type": "object", "description": "CESS (Cybersecurity Exploit Scoring System) data", "properties": { "score": { "type": "number" }, "probabilityExploitUsage": { "type": "number" }, "date": { "type": "string" }, "modelVersion": { "type": "string" } } }, "x_kev": { "type": "object", "description": "CISA KEV (Known Exploited Vulnerability) data", "properties": { "source": { "type": "string" }, "vendorProject": { "type": "string" }, "product": { "type": "string" }, "vulnerabilityName": { "type": "string" }, "dateAdded": { "type": "string", "format": "date-time" }, "shortDescription": { "type": "string" }, "requiredAction": { "type": "string" } } }, "x_scorecard": { "type": "object", "description": "OpenSSF Scorecard data for the source repository", "properties": { "repository": { "type": "string", "description": "Repository URL or identifier", "example": "github.com/golang/go" }, "overallScore": { "type": "number", "description": "Aggregate scorecard score (0-10)" }, "date": { "type": "string", "description": "Date the scorecard was generated" }, "scorecardVersion": { "type": "string", "description": "Version of the scorecard tool used" }, "repositoryCommit": { "type": "string", "description": "Git commit SHA that was analyzed" } } }, "x_aliases": { "type": "array", "description": "Alternative identifiers (GHSA, PYSEC, etc.)", "items": { "type": "string" }, "example": [ "GHSA-xxxx-xxxx-xxxx", "PYSEC-2024-1234" ] }, "impacts": { "type": "array", "description": "CAPEC-based impact descriptions", "items": { "type": "object" } }, "x_affectedFunctions": { "type": "array", "description": "AI-identified affected function names", "items": { "type": "string" } }, "x_advisory": { "type": "string", "description": "AI-generated advisory text" }, "x_aiAnalyses": { "type": "array", "description": "AI-generated analyses", "items": { "type": "object" } } } } } } }, "x_links": { "type": "array", "items": { "$ref": "#/components/schemas/APILink" }, "description": "Navigational links to related API endpoints (prefixed with x_ to avoid conflict with CVE schema reserved fields)" } } }, "Error": { "type": "object", "required": [ "success", "error" ], "properties": { "success": { "type": "boolean", "const": false, "example": false }, "error": { "type": "string", "description": "Human-readable error message" }, "details": { "type": "string", "description": "Additional error details (included on some endpoints)" } } }, "Success": { "type": "object", "properties": { "success": { "type": "boolean", "example": true }, "message": { "type": "string" } } }, "IdentifiersMonthResponse": { "type": "object", "required": [ "timestamp", "year", "month", "total", "limit", "offset", "hasMore", "identifiers" ], "properties": { "timestamp": { "type": "integer", "description": "Unix millisecond timestamp of response" }, "year": { "type": "integer" }, "month": { "type": "integer" }, "total": { "type": "integer", "description": "Total matching CVE identifiers" }, "limit": { "type": "integer" }, "offset": { "type": "integer" }, "hasMore": { "type": "boolean" }, "identifiers": { "type": "array", "items": { "type": "string", "example": "CVE-2024-12345" }, "description": "List of distinct CVE identifiers" } } }, "IdentifiersSearchResponse": { "type": "object", "required": [ "timestamp", "prefix", "total", "limit", "offset", "hasMore", "identifiers" ], "properties": { "timestamp": { "type": "integer", "description": "Unix millisecond timestamp of response" }, "prefix": { "type": "string", "description": "The search prefix used" }, "total": { "type": "integer", "description": "Total matching CVE identifiers" }, "limit": { "type": "integer" }, "offset": { "type": "integer" }, "hasMore": { "type": "boolean" }, "identifiers": { "type": "array", "items": { "type": "string", "example": "CVE-2024-12345" }, "description": "List of distinct CVE identifiers matching the prefix" } } }, "ExploitSearchResponse": { "type": "object", "required": [ "timestamp", "total", "limit", "offset", "hasMore", "position", "take", "step", "filters", "results" ], "properties": { "timestamp": { "type": "integer", "description": "Unix epoch seconds", "example": 1710460800 }, "total": { "type": "integer", "description": "Total matching CVEs", "example": 4523 }, "limit": { "type": "integer", "example": 100 }, "offset": { "type": "integer", "example": 0 }, "hasMore": { "type": "boolean" }, "position": { "type": "integer" }, "take": { "type": "integer" }, "step": { "type": "integer" }, "filters": { "$ref": "#/components/schemas/ExploitSearchFilters" }, "results": { "type": "array", "items": { "$ref": "#/components/schemas/ExploitSearchResult" } }, "_links": { "type": "array", "items": { "$ref": "#/components/schemas/APILink" }, "description": "Navigational links to related API endpoints" } } }, "ExploitSearchFilters": { "type": "object", "properties": { "ecosystem": { "type": [ "string", "null" ] }, "source": { "type": [ "string", "null" ] }, "severity": { "type": [ "string", "null" ] }, "inKev": { "type": [ "boolean", "null" ] }, "minEpss": { "type": [ "number", "null" ] }, "q": { "type": [ "string", "null" ] }, "sort": { "type": "string", "enum": [ "recent", "epss", "severity", "maturity" ] } } }, "ExploitSearchResult": { "type": "object", "required": [ "cveId" ], "properties": { "cveId": { "type": "string", "example": "CVE-2024-1234" }, "state": { "type": [ "string", "null" ] }, "title": { "type": [ "string", "null" ] }, "description": { "type": [ "string", "null" ] }, "aliases": { "type": "array", "items": { "type": "string" } }, "metrics": { "$ref": "#/components/schemas/ExploitCvssMetrics" }, "epss": { "oneOf": [ { "type": "null" }, { "$ref": "#/components/schemas/EpssData" } ] }, "cess": { "oneOf": [ { "type": "null" }, { "$ref": "#/components/schemas/CessData" } ] }, "cwes": { "type": "array", "items": { "$ref": "#/components/schemas/CweEntry" } }, "affectedProducts": { "type": "array", "items": { "$ref": "#/components/schemas/AffectedProduct" } }, "fixAvailability": { "$ref": "#/components/schemas/FixAvailability" }, "kev": { "$ref": "#/components/schemas/ExploitKevStatus" }, "exploitationMaturity": { "$ref": "#/components/schemas/ExploitationMaturity" }, "exploitTriviality": { "$ref": "#/components/schemas/ExploitTriviality" }, "exploitSources": { "$ref": "#/components/schemas/ExploitSourceCounts" }, "sightings": { "$ref": "#/components/schemas/SightingsData" }, "timeline": { "$ref": "#/components/schemas/ExploitTimeline" }, "ecosystems": { "type": "array", "items": { "type": "string" } }, "provenance": { "$ref": "#/components/schemas/ExploitProvenance" }, "_links": { "type": "array", "items": { "$ref": "#/components/schemas/APILink" }, "description": "Navigational links to related API endpoints" } } }, "ExploitCvssMetrics": { "type": "object", "properties": { "cvssV2": { "oneOf": [ { "type": "null" }, { "$ref": "#/components/schemas/CvssScore" } ] }, "cvssV3_0": { "oneOf": [ { "type": "null" }, { "$ref": "#/components/schemas/CvssScore" } ] }, "cvssV3_1": { "oneOf": [ { "type": "null" }, { "$ref": "#/components/schemas/CvssScore" } ] }, "cvssV4_0": { "oneOf": [ { "type": "null" }, { "$ref": "#/components/schemas/CvssScore" } ] }, "highestSeverity": { "type": [ "string", "null" ], "example": "CRITICAL" }, "highestScore": { "type": [ "number", "null" ], "example": 9.8 } } }, "CvssScore": { "type": "object", "properties": { "baseScore": { "type": [ "number", "null" ] }, "baseSeverity": { "type": [ "string", "null" ] }, "vectorString": { "type": [ "string", "null" ] } } }, "EpssData": { "type": "object", "properties": { "score": { "type": "number", "minimum": 0, "maximum": 1, "example": 0.87 }, "percentile": { "type": [ "number", "null" ], "example": 0.99 }, "date": { "type": [ "string", "null" ], "example": "2026-03-14" } } }, "CessData": { "type": "object", "properties": { "score": { "type": "number", "minimum": 0, "maximum": 1, "example": 0.92 }, "probabilityExploitUsage": { "type": [ "number", "null" ], "example": 0.85 }, "date": { "type": [ "string", "null" ] } } }, "CweEntry": { "type": "object", "properties": { "cweId": { "type": [ "string", "null" ], "example": "CWE-502" }, "description": { "type": [ "string", "null" ] } } }, "AffectedProduct": { "type": "object", "properties": { "vendor": { "type": [ "string", "null" ] }, "product": { "type": [ "string", "null" ] }, "packageName": { "type": [ "string", "null" ] }, "ecosystem": { "type": "string" }, "collectionURL": { "type": [ "string", "null" ] }, "versions": { "type": "array", "items": { "$ref": "#/components/schemas/AffectedVersion" } } } }, "AffectedVersion": { "type": "object", "properties": { "version": { "type": [ "string", "null" ] }, "status": { "type": [ "string", "null" ] }, "lessThan": { "type": [ "string", "null" ] }, "lessThanOrEqual": { "type": [ "string", "null" ] }, "versionType": { "type": [ "string", "null" ] } } }, "FixAvailability": { "type": "object", "properties": { "hasFixedVersion": { "type": "boolean" }, "fixedVersionCount": { "type": "integer" } } }, "ExploitKevStatus": { "type": "object", "properties": { "inCisaKev": { "type": "boolean" }, "inVulnCheckKev": { "type": "boolean" }, "cisaDateAdded": { "type": [ "string", "null" ], "format": "date-time" }, "cisaDueDate": { "type": [ "string", "null" ], "format": "date-time" }, "cisaOverdue": { "type": [ "boolean", "null" ] }, "knownRansomwareCampaignUse": { "type": [ "string", "null" ] } } }, "ExploitationMaturity": { "type": "object", "properties": { "score": { "type": "integer", "minimum": 0, "maximum": 100, "example": 85 }, "level": { "type": "string", "enum": [ "NONE", "POC", "WEAPONIZED", "ACTIVE", "WIDESPREAD" ] }, "confidence": { "type": "string", "enum": [ "LOW", "MEDIUM", "HIGH", "VERY_HIGH" ] } } }, "ExploitTriviality": { "type": "object", "properties": { "level": { "type": "string", "enum": [ "TURNKEY", "WEAPONIZED", "FUNCTIONAL", "POC", "THEORETICAL" ] }, "reasoning": { "type": "string" } } }, "ExploitSourceCounts": { "type": "object", "properties": { "exploitDb": { "type": "integer" }, "metasploit": { "type": "integer" }, "nuclei": { "type": "integer" }, "vulnerabilityLab": { "type": "integer" }, "vulnCheckXDB": { "type": "integer" }, "vulnCheckReportedExploitation": { "type": "integer" }, "crowdSec": { "type": "integer" }, "github": { "type": "integer" }, "poc": { "type": "integer" }, "total": { "type": "integer" } } }, "SightingsData": { "type": "object", "properties": { "crowdSec": { "oneOf": [ { "type": "null" }, { "$ref": "#/components/schemas/CrowdSecSummary" } ] }, "vulnCheckXDB": { "type": "array", "items": { "$ref": "#/components/schemas/VulnCheckXDBEntry" } }, "vulnCheckReportedExploitation": { "type": "array", "items": { "$ref": "#/components/schemas/VulnCheckReportedEntry" } }, "otherSources": { "type": "array", "items": { "$ref": "#/components/schemas/OtherSightingSource" } } } }, "CrowdSecSummary": { "type": "object", "properties": { "totalSightings": { "type": "integer" }, "uniqueIPs": { "type": "integer" }, "isActive": { "type": "boolean" }, "firstSeen": { "type": [ "string", "null" ] }, "lastSeen": { "type": [ "string", "null" ] }, "topSourceCountries": { "type": "array", "items": { "type": "string" } }, "topTargetCountries": { "type": "array", "items": { "type": "string" } }, "mitreTechniques": { "type": "array", "items": { "type": "string" } }, "behaviors": { "type": "array", "items": { "type": "string" } } } }, "VulnCheckXDBEntry": { "type": "object", "properties": { "xdbId": { "type": [ "string", "null" ] }, "exploitType": { "type": [ "string", "null" ] }, "dateAdded": { "type": [ "string", "null" ], "format": "date-time" } } }, "VulnCheckReportedEntry": { "type": "object", "properties": { "url": { "type": "string" }, "dateAdded": { "type": [ "string", "null" ], "format": "date-time" } } }, "OtherSightingSource": { "type": "object", "properties": { "source": { "type": "string" }, "title": { "type": "string" }, "type": { "type": "string" }, "datePublished": { "type": [ "string", "null" ], "format": "date-time" } } }, "ExploitTimeline": { "type": "object", "properties": { "datePublished": { "type": [ "string", "null" ], "format": "date-time" }, "dateUpdated": { "type": [ "string", "null" ], "format": "date-time" }, "currentAgeDays": { "type": [ "integer", "null" ] }, "lifecycleStage": { "type": [ "string", "null" ] }, "publicationToKevDays": { "type": [ "integer", "null" ] }, "publicationToFirstExploitDays": { "type": [ "integer", "null" ] }, "firstExploitDate": { "type": [ "string", "null" ], "format": "date-time" } } }, "ExploitProvenance": { "type": "object", "properties": { "source": { "type": [ "string", "null" ] }, "dataOrigin": { "type": "string" } } }, "PackageSearchResponse": { "type": "object", "required": [ "query", "timestamp", "total", "limit", "offset", "hasMore", "upstreamSync", "packages" ], "properties": { "query": { "type": "string", "description": "The search query string" }, "ecosystem": { "type": [ "string", "null" ], "description": "Ecosystem filter applied" }, "timestamp": { "type": "integer", "description": "Unix epoch seconds" }, "total": { "type": "integer", "minimum": 0 }, "limit": { "type": "integer", "minimum": 1, "maximum": 100 }, "offset": { "type": "integer", "minimum": 0 }, "hasMore": { "type": "boolean" }, "upstreamSync": { "type": "boolean", "description": "Whether data was synchronized from an upstream source (deps.dev) during this request" }, "packages": { "type": "array", "items": { "$ref": "#/components/schemas/PackageResult" } }, "_links": { "type": "array", "items": { "$ref": "#/components/schemas/APILink" }, "description": "Navigational links to related API endpoints" } } }, "PackageResult": { "type": "object", "required": [ "packageName", "matchSources", "ecosystems", "versionCount", "versions", "safeHarbour", "vulnCount", "exploitationSignals", "hasProvenance" ], "properties": { "packageName": { "type": "string" }, "matchSources": { "type": "array", "items": { "type": "string", "enum": [ "dependency", "package_version", "cve_affected", "github_repository", "eol_product", "kev", "cyclonedx_info", "depsdev" ] }, "description": "Data sources where this package was found during search" }, "ecosystems": { "type": "array", "items": { "type": "string" } }, "versionCount": { "type": "integer", "minimum": 0 }, "versions": { "type": "array", "items": { "$ref": "#/components/schemas/SearchVersion" } }, "safeHarbour": { "$ref": "#/components/schemas/SafeHarbourSummary" }, "vulnCount": { "type": "integer", "minimum": 0 }, "vulnerabilities": { "type": "array", "description": "List of CVEs affecting this package with top severity metric and PURL", "items": { "type": "object", "properties": { "cveId": { "type": "string" }, "source": { "type": "string" }, "severity": { "type": ["string", "null"] }, "score": { "type": ["number", "null"] }, "metricType": { "type": ["string", "null"] }, "vectorString": { "type": ["string", "null"] }, "purl": { "type": ["string", "null"] } }, "required": ["cveId", "source"] } }, "exploitationSignals": { "$ref": "#/components/schemas/ExploitationSignals" }, "scorecardScore": { "type": [ "number", "null" ] }, "hasProvenance": { "type": "boolean" }, "vendor": { "type": [ "string", "null" ], "description": "Vendor name from CVE/KEV data" }, "product": { "type": [ "string", "null" ], "description": "Product name from CVE/KEV data" }, "repositoryUrl": { "type": [ "string", "null" ], "description": "GitHub repository URL" }, "eolStatus": { "oneOf": [ { "type": "null" }, { "$ref": "#/components/schemas/EolStatus" } ], "description": "End-of-life status if available" }, "_links": { "type": "array", "items": { "$ref": "#/components/schemas/APILink" }, "description": "Navigational links to related API endpoints" } } }, "EolStatus": { "type": "object", "required": [ "productName", "isEol" ], "properties": { "productName": { "type": "string", "description": "Product name in the EOL database" }, "isEol": { "type": "boolean", "description": "Whether the product has reached end of life" } } }, "SearchVersion": { "type": "object", "required": [ "version", "ecosystem", "sources", "cveIds", "safeHarbour" ], "properties": { "version": { "type": "string" }, "ecosystem": { "type": "string" }, "sources": { "type": "array", "items": { "type": "string" } }, "publishedAt": { "type": [ "string", "null" ], "format": "date-time" }, "daysSinceRelease": { "type": [ "integer", "null" ], "minimum": 0 }, "cveIds": { "type": "array", "items": { "type": "string" } }, "safeHarbour": { "$ref": "#/components/schemas/SafeHarbourVersion" } } }, "SafeHarbourVersion": { "type": "object", "required": [ "vulnerabilityCount", "safeHarbourScore", "isMajorRelease" ], "properties": { "vulnerabilityCount": { "type": "integer", "minimum": 0 }, "safeHarbourScore": { "type": "number", "minimum": 0, "maximum": 1 }, "isMajorRelease": { "type": "boolean" }, "maxSeverity": { "type": [ "string", "null" ], "enum": [ "CRITICAL", "HIGH", "MEDIUM", "LOW", null ] } } }, "SafeHarbourSummary": { "type": "object", "required": [ "recommendedVersions", "highestScore" ], "properties": { "recommendedVersions": { "type": "array", "items": { "type": "string" } }, "highestScore": { "type": "number", "minimum": 0, "maximum": 1 } } }, "ExploitationSignals": { "type": "object", "required": [ "inCisaKev", "inVulnCheckKev", "exploitCount", "xdbCount", "crowdSecSightings" ], "properties": { "inCisaKev": { "type": "boolean" }, "inVulnCheckKev": { "type": "boolean" }, "exploitCount": { "type": "integer", "minimum": 0 }, "xdbCount": { "type": "integer", "minimum": 0 }, "crowdSecSightings": { "type": "integer", "minimum": 0 } } }, "APILink": { "type": "object", "required": [ "rel", "href" ], "properties": { "rel": { "type": "string", "description": "Relationship type (e.g., \"info\", \"vuln\", \"fixes\", \"timeline\", \"exploits\", \"versions\", \"product\", \"vulns\", \"eol-product\")" }, "href": { "type": "string", "description": "Relative API path to the related resource" } } } }, "responses": { "Unauthorized": { "description": "Authentication required - missing or invalid JWT token", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "BadRequest": { "description": "Invalid request parameters", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "NotFound": { "description": "Resource not found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "InternalError": { "description": "Internal server error", "content": { "application/json": { "schema": { "type": "object", "properties": { "error": { "type": "string" }, "details": { "type": "string" } } } } } } } } }