API
National Vulnerability Database (NVD) API
| Official Website | Provider | Notes |
|---|---|---|
| NVD Vulnerabilities | NIST (National Institute of Standards and Technology) | API key required, usage restrictions apply |
Features
- Official and highly reliable
- Provides both CVSSv2 and v3 scores
- Free to use
Endpoint Example
https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-YYYY-XXXXXXX
CIRCL CVE Search API
| Official Website | Provider | Notes |
|---|---|---|
| CIRCL CVE Search | CIRCL (Computer Incident Response Center Luxembourg) |
Features
- Open source, can be self-hosted
- Provides both CVSSv2 and v3 scores
Endpoint Example
https://cve.circl.lu/api/cve/CVE-YYYY-XXXXXXX
Vulners API
| Official Website | Provider | Notes |
|---|---|---|
| Vulners API | Vulners | Paid plans available, limited free usage possible |
Features
- Extensive vulnerability database
- Provides CVSSv2 and v3 scores
Endpoint Example
https://vulners.com/api/v3/search/lucene/?query=CVE-YYYY-XXXXXXX
Red Hat Security Data API
| Official Website | Provider | Notes |
|---|---|---|
| Red Hat Security Data API | Red Hat |
Features
- Specialized in CVEs related to Red Hat products
- Provides CVSSv2 and v3 scores
Endpoint Example
https://access.redhat.com/labs/securitydataapi/cve/CVE-YYYY-XXXXXXX.json
MITRE CVE API
| Official Website | Provider | Notes |
|---|---|---|
| MITRE CVE Search | MITRE Corporation | CVSS scores often not included |
Features
- Official source of CVE data
- Provides basic CVE information
Endpoint Example
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-XXXXXXX
VulDB API
| Official Website | Provider | Notes |
|---|---|---|
| VulDB API | VulDB | Paid service |
Features
- Provides extensive vulnerability information
- Includes CVSS scores, affected products, and remediation information
Endpoint Example
https://vuldb.com/?kb.api
Shodan API
| Official Website | Provider | Notes |
|---|---|---|
| Shodan API | Shodan | Primarily paid, limited free plan available |
Features
- Provides vulnerability information for internet-connected devices
- Offers information on actual vulnerable systems associated with CVEs
Endpoint Example
https://api.shodan.io/shodan/host/CVE-YYYY-XXXXXXX
OpenCVE API
| Official Website | Provider | Notes |
|---|---|---|
| OpenCVE API | OpenCVE (Open source project) | Community-driven project |
Features
- Collects and provides CVE information as an API
- Can be self-hosted
Endpoint Example
https://opencve.io/api/cve/CVE-YYYY-XXXXXXX
NIST National Checklist Program Repository API
| Official Website | Provider | Notes |
|---|---|---|
| NIST NCP Repository | NIST | Rich in information related to U.S. government systems |
Features
- Provides security configuration checklists and CVE information
- Focuses on U.S. government systems
Endpoint Example
https://nvd.nist.gov/ncp/repository/CVE-YYYY-XXXXXXX
Cybersecurity and Infrastructure Security Agency (CISA) API
| Official Website | Provider | Notes |
|---|---|---|
| CISA API | U.S. Cybersecurity and Infrastructure Security Agency | No specific restrictions mentioned, but it's recommended to check before use |
Features
- Provides vulnerability information related to critical infrastructure
- Focuses on CVEs deemed important from the U.S. government perspective
Endpoint Example
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
ExploitDB API
| Official Website | Provider | Notes |
|---|---|---|
| ExploitDB API | Offensive Security | No specific restrictions mentioned, but it's recommended to check before use |
Features
- Provides information on publicly available exploit code and related CVEs
- Aimed at penetration testers and security researchers
Endpoint Example
https://www.exploit-db.com/api
Rapid7 Open Data API
| Official Website | Provider | Notes |
|---|---|---|
| Rapid7 Open Data API | Rapid7 |
Features
- Provides data on vulnerabilities, attacks, and other security-related information
- Offers detailed technical information related to CVEs
Endpoint Example
https://opendata.rapid7.com/
OSS
OpenCVE
| Official Website | Provider | Notes | Stars |
|---|---|---|---|
| OpenCVE | opencve | v1 will soon be closed, and v2 will be released | ~1800 |
Features
- OSS for collecting, analyzing, and displaying CVE information
- Provides Web interface and REST API
- Written in Python
CVE-Search
| Official Website | Provider | Notes | Stars |
|---|---|---|---|
| CVE-Search | cve-search | ~2300 |
Features
- Imports CVE, CPE, and CWE data and makes it searchable
- Uses MongoDB to store data
- Written in Python, provides Web interface and API
Dependency-Track
| Official Website | Provider | Notes | Stars |
|---|---|---|---|
| Dependency-Track | DependencyTrack | No specific restrictions mentioned, but it's recommended to check before use | ~2600 |
Features
- Component analysis platform for software supply chain
- Provides vulnerability data including CVE information
- Written in Java
nvdtools
| Official Website | Provider | Notes | Stars |
|---|---|---|---|
| nvdtools |
Features
- Vulnerability database written in Go
- Parses NVD data and provides it in a user-friendly format
- Offers both CLI tools and libraries
OWASP Dependency-Check
| Official Website | Provider | Notes | Stars |
|---|---|---|---|
| OWASP Dependency-Check | Individual | ~6300 |
Features
- Scans project dependencies and detects known vulnerabilities
- Uses NVD database
- Written in Java but supports many languages and build tools
Grype
| Official Website | Provider | Notes | Stars |
|---|---|---|---|
| Grype | Anchore | ~8500 |
Features
- Vulnerability scanner for container images and filesystems
- Uses multiple vulnerability databases
- Written in Go
VulnerableCode
| Official Website | Provider | Notes | Stars |
|---|---|---|---|
| VulnerableCode | Individual | ~500 |
Features
- Aggregates vulnerability data from multiple sources
- Provides REST API and Web UI
- Written in Python/Django
Top comments (0)