API Documentation

Integrate CVE data into your applications and security tools

Overview

CVEDatabase.com provides a simple REST API to access vulnerability data from the National Vulnerability Database (NVD). Our API offers real-time access to CVE information with built-in caching and rate limiting to ensure reliable access.

All endpoints are public and require no authentication. Simply make HTTP requests to the endpoints listed below and receive JSON responses containing CVE data.

Quick Start

Base URL

https://cvedatabase.com/api

No Authentication Required

Our public API endpoints do not require authentication keys or tokens. However, rate limiting applies to ensure fair usage and system stability.

Response Format

All responses are returned in JSON format compatible with the NVD API schema.

Main Endpoints

GET /cve/:id

Fetch detailed information about a specific CVE by its ID.

Example: /cve/CVE-2023-44487

GET /cve/search

Search for CVEs using various filters and criteria.

Query Parameters

cveId

Specific CVE ID (e.g., CVE-2024-1234)

keyword

Keyword to search in CVE descriptions

severity

Filter by severity: LOW, MEDIUM, HIGH, CRITICAL

startDate

Start date (ISO 8601 format: YYYY-MM-DD)

endDate

End date (ISO 8601 format: YYYY-MM-DD)

vendor

Filter by vendor name (e.g., Microsoft, Adobe)

product

Filter by product name (e.g., Windows, Acrobat)

exact

Set to 'true' for exact keyword matching

limit

Number of results per page (default: 20, max: 100)

offset

Number of results to skip for pagination

snapshot

Optional ISO timestamp to keep pagination stable across pages; reuse the returned pagination snapshot value.

POST /remediation

Generate AI-powered remediation guidance for a specific CVE.

Send CVE ID, description, severity, and weaknesses to receive remediation steps.

POST /executive-summary

Generate an executive summary for a CVE vulnerability.

Ideal for leadership and non-technical stakeholders.

Code Examples

JavaScript / Node.js

// Example: Search for a CVE
const cveId = 'CVE-2024-1234';
const baseUrl = 'https://cvedatabase.com';
const apiUrl = `${baseUrl}/api/cve/search?cveId=${cveId}`;

const response = await fetch(apiUrl);
const data = await response.json();

console.log(data.data[0]);

Advanced Search

// Example: Advanced search
const params = new URLSearchParams({
  keyword: 'remote code execution',
  vendor: 'microsoft',
  severity: 'CRITICAL',
  exact: 'true',
  limit: '10'
});

const baseUrl = 'https://cvedatabase.com';
const apiUrl = `${baseUrl}/api/cve/search?${params}`;
const response = await fetch(apiUrl);
const data = await response.json();

cURL / Command Line

# Example: Search for a CVE using cURL
curl -s "https://cvedatabase.com/api/cve/search?cveId=CVE-2023-44487" \
  | jq

PowerShell

# Example: Search for a CVE using PowerShell
$baseUrl = "https://cvedatabase.com"
$url = $baseUrl + "/api/cve/search?cveId=CVE-2023-44487"
$response = Invoke-RestMethod -Uri $url
$response.data[0] | ConvertTo-Json

Rate Limiting

To ensure fair usage and system stability, the following rate limits apply:

50 requests per minute per IP address
1,000 requests per hour per IP address
Results cached for improved performance

Note: Rate limit headers are included in API responses (X-RateLimit-*) to help you track usage.

Need Help?

If you have questions or need assistance integrating our API:

• Visit our Help Center for common questions
• Check the Glossary for security terminology
• Contact us through the Contact page for support