cve-search Common Vulnerabilities and Exposures (CVE)

cve-search - Common Vulnerabilities and Exposure Web Interface and API

CIRCL CVE logo

cve-search is accessible via a web interface and an HTTP API. cve-search is an interface to search publicly known information from security vulnerabilities in software and hardware along with their corresponding exposures.

cve-search includes the following data-feeds:

cve-search is a public service operated by CIRCL.

The HTTP API outputs JSON. The API is fully documented at the following location https://cve.circl.lu/api/. No authentication is required for the exposed functions, don’t get confused by the generic statement at the page saying:

Some API calls require authentication. These are colored yellow in the API Query list. Authentication is done in one of two ways:

For the colour blind: there are no yellow API calls ;)

Browse vendor and product

To get a JSON with all the vendors:

curl http://cve.circl.lu/api/browse

To get a JSON with all the products associated to a vendor:

curl http://cve.circl.lu/api/browse/microsoft

Browse CVEs per vendor/product

To get a JSON with all the vulnerabilities per vendor and a specific product:

curl http://cve.circl.lu/api/search/microsoft/office

Get CVE per CVE-ID

To get a JSON of a specific CVE ID:

curl http://cve.circl.lu/api/cve/CVE-2010-3333

Get the last updated CVEs

To get a JSON of the last 30 CVEs including CAPEC, CWE and CPE expansions:

curl http://cve.circl.lu/api/last

Get more information about the current CVE database

To get more information about the current databases in use and when it was updated:

curl http://cve.circl.lu/api/dbInfo

Do you log search queries?

Yes, we do log the search queries to debug our software and acquire statistics about software vulnerabilities trending.

Where is the source code of the cve-search software?

cve-search source code is available on GitHub. The main authors of cve-search are Alexandre Dulaunoy and Pieter-Jan Moreels with the support of the community including CIRCL.

Is there a full-dump of the cve-search database?

You can access the full-dump from the CVE search dataset.

What are the software using cve.circl.lu API?