API Endpoints
Health Check Endpoints​
Full Health Check​
GET /api/v1/ping
💰 Cost: 0 credits (free healthcheck)
Performs a comprehensive health check including database connectivity.
Headers:
X-API-Key: Required
Response:
{
"data": {
"status": "ok",
"timestamp": "2024-01-25T12:00:00Z",
"database": {
"connected": true,
"latency_ms": 15
}
},
"meta": {
"timestamp": "2024-01-25T12:00:00Z",
"version": "v1",
"correlationId": "req-12345"
}
}
Lightweight Health Check​
GET /api/v1/ping-lite
💰 Cost: 0 credits (free healthcheck)
Lightweight health check for high-frequency monitoring (sub-millisecond response).
Headers:
X-API-Key: Required
Response:
{
"data": {
"status": "ok",
"timestamp": "2024-01-25T12:00:00Z"
},
"meta": {
"timestamp": "2024-01-25T12:00:00Z",
"version": "v1",
"correlationId": "req-12345"
}
}
CVE Endpoints​
Get CVE Details​
GET /api/v1/cve/{cve-id}
💰 Cost: 5 credits
Retrieve detailed information about a specific CVE including all enrichment data.
Headers:
X-API-Key: Required
Path Parameters:
cve-id: CVE identifier (e.g., CVE-2024-0001)
Query Parameters:
fields(optional): Comma-separated list of fields to include in responseinclude(optional): Additional data to include. Options:enrichment: Include CVE enrichment dataacsc: Include ACSC advisoriesattack: Include MITRE ATT&CK® technique mappings- Multiple values can be combined:
include=enrichment,attack
Example Request:
# Basic request
curl -H "X-API-Key: your-api-key-here" \
https://api.cybersecfeed.com/api/v1/cve/CVE-2024-0001
# With ATT&CK techniques only
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cve/CVE-2021-44228?include=attack"
# With both enrichment and ATT&CK
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cve/CVE-2021-44228?include=enrichment,attack"
# With all enrichment types for comprehensive analysis
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cve/CVE-2021-44228?include=acsc,enrichment,attack"
Response:
{
"data": {
"cve": {
"id": "CVE-2024-0001",
"sourceIdentifier": "[email protected]",
"published": "2024-01-15T10:00:00Z",
"lastModified": "2024-01-16T14:30:00Z",
"description": "A vulnerability in...",
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"cpe": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vendor:product:1.0:*:*:*:*:*:*:*"
}
],
"references": [
{
"url": "https://example.com/advisory",
"source": "[email protected]"
}
],
"kev": {
"dateAdded": "2024-01-20",
"knownRansomware": false,
"notes": "Active exploitation observed"
},
"epss": {
"score": 0.97234,
"percentile": 0.99,
"date": "2024-01-25"
},
"acsc": [
{
"id": "2024-critical-vulnerability-alert",
"title": "Critical Vulnerability Alert",
"type": "alert",
"priority": "Critical",
"publishedDate": "2024-01-20T08:00:00Z"
}
],
"attack": {
"techniques": ["T1190", "T1059", "T1203"]
}
}
},
"meta": {
"timestamp": "2024-01-25T12:00:00Z",
"version": "v1",
"correlationId": "req-12345"
}
}
ATT&CK Technique Mapping Example:
When you include ATT&CK data (?include=attack), the response includes technique IDs that map to specific adversary behaviors:
{
"data": {
"cve": {
"id": "CVE-2021-44228",
"description": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP...",
"cvss": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"kev": {
"dateAdded": "2021-12-10",
"knownRansomware": true
},
"attack": {
"techniques": ["T1190", "T1059", "T1203", "T1210"]
}
}
}
}
What the ATT&CK techniques mean:
- T1190 (Exploit Public-Facing Application): Attackers exploit this vulnerability in internet-facing systems
- T1059 (Command and Scripting Interpreter): Enables remote command execution
- T1203 (Exploitation for Client Execution): Can be triggered through user interaction
- T1210 (Exploitation of Remote Services): Allows lateral movement within networks
This intelligence helps prioritize patching based on how adversaries actually use the vulnerability.
Batch CVE Details (Enterprise)​
POST /api/v1/cve/batch
💰 Cost: 35 credits (flat rate for 1-50 CVEs - 86% savings vs individual calls)
Retrieve detailed information for multiple CVEs in a single request with enterprise-grade threat intelligence.
Headers:
X-API-Key: RequiredContent-Type: application/json
Request Body:
{
"cve_ids": ["CVE-2024-0001", "CVE-2024-0002"],
"fields": ["cve_id", "severity", "kev", "epss"],
"include": "enrichment"
}
Parameters:
cve_ids(required): Array of CVE IDs (1-50 maximum)fields(optional): Array of fields to include in responseinclude(optional): Enrichment data to include (enrichment,acsc,attack)
Example Request:
curl -X POST -H "X-API-Key: your-api-key-here" \
-H "Content-Type: application/json" \
-d '{"cve_ids": ["CVE-2021-44228", "CVE-2024-0001"]}' \
https://api.cybersecfeed.com/api/v1/cve/batch
Response:
{
"data": {
"cves": {
"CVE-2021-44228": {
"cve_id": "CVE-2021-44228",
"published": "2021-12-09T15:15:00Z",
"modified": "2024-01-20T10:30:00Z",
"severity": 10.0,
"description": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP...",
"status": "Analyzed",
"source_tag": "nvd",
"enrichment_status": "enriched",
"kev": {
"known_exploited": true,
"due_date": "2021-12-24",
"action_required": "Update Apache Log4j2 to version 2.17.1 or later"
},
"epss": {
"score": 0.97561,
"percentile": 0.99998,
"date": "2024-01-25"
}
}
},
"not_found": [],
"count": 1,
"total_requested": 1,
"credits_charged": 35,
"enriched_percentage": 100,
"timestamp": "2024-01-25T12:00:00Z"
}
}
Search and List CVEs​
GET /api/v1/cves
💰 Cost: 1 credit
Search, filter, and list CVEs with advanced v1.5 features (now enabled by default).
Headers:
X-API-Key: Required
Query Parameters:
q(optional): Full-text search queryids(optional): Comma-separated list of CVE IDs for simple batch lookup (use POST/api/v1/cve/batchfor enterprise features)severity_min(optional): Minimum CVSS base score (0.0-10.0)severity_max(optional): Maximum CVSS base score (0.0-10.0)severity(optional): Named severity level (critical,high,medium,low)exploit(optional): Filter for exploitable CVEs (true/false) - includes KEV and enrichment-based detectionpublished_after(optional): ISO 8601 date (e.g., 2024-01-01)published_before(optional): ISO 8601 datemodified_after(optional): ISO 8601 datemodified_before(optional): ISO 8601 datekev(optional): Filter by KEV status (true/false)epss_min(optional): Minimum EPSS score (0.0-1.0)epss_max(optional): Maximum EPSS score (0.0-1.0)sort(optional): Sort results byseverity_desc,severity_asc,published_desc,published_asc,modified_desc,modified_asc,epss_desc,epss_asclimit(optional): Number of results per page (1-100, default: 20)after(optional): Cursor for paginationfields(optional): Comma-separated list of fields to include (enables up to 85% payload reduction)include(optional): Comma-separated list of enrichment data to include (acsc,enrichment,attack)
Example Requests:
Search for recent critical vulnerabilities with sorting:
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?severity=critical&published_after=2024-01-01&sort=severity_desc&limit=10"
Search exploitable CVEs with field selection (85% payload reduction):
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?exploit=true&fields=cve_id,severity,kev,epss&limit=20"
Full-text search with EPSS sorting:
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?q=buffer+overflow&sort=epss_desc&limit=20"
Simple batch lookup (for enterprise features, use POST /api/v1/cve/batch):
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?ids=CVE-2024-0001,CVE-2024-0002,CVE-2024-0003"
Search with ACSC data included:
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?q=buffer+overflow&include=acsc&limit=20"
Search with both ACSC and enrichment data:
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?severity_min=7.0&include=acsc,enrichment&limit=10"
Efficient ACSC CVE discovery (recommended for ACSC-focused workflows):
# Get only CVEs with ACSC notices for efficient discovery
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?has_acsc=true&include=acsc&limit=100"
# High-priority ACSC vulnerabilities
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?has_acsc=true&severity=critical&include=acsc"
Search for high-risk CVEs with ATT&CK mappings:
# Critical CVEs with known attack techniques
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?severity_min=9.0&include=attack&limit=20"
# Known exploited vulnerabilities with ATT&CK data for threat hunting
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?kev=true&include=attack&limit=50"
Response:
{
"data": {
"cves": [
{
"id": "CVE-2024-0001",
"published": "2024-01-15T10:00:00Z",
"lastModified": "2024-01-16T14:30:00Z",
"description": "Buffer overflow vulnerability in Example Product...",
"cvss": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"enrichment": {
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"cvss_source": "nvd",
"cwe_list": ["CWE-120", "CWE-787"],
"exploit_flag": true,
"kev_flag": false,
"attack_vector": "network",
"patch_available": true,
"cpe_count": 15,
"reference_count": 23,
"vendor_tags": ["nvd"],
"enriched_at": "2024-01-15T18:30:00.000Z"
},
"acsc_notices": [
{
"id": "2024-advisory-001",
"type": "advisory",
"title": "Critical Buffer Overflow Vulnerabilities",
"priority": "Critical",
"published": "2024-01-16T08:00:00Z"
}
]
}
],
"pagination": {
"limit": 20,
"hasMore": true,
"nextCursor": "cursor-value"
}
},
"meta": {
"timestamp": "2024-01-25T12:00:00Z",
"version": "v1",
"correlationId": "req-12345"
}
}
Response with ATT&CK data included:
When using include=attack, the response includes ATT&CK technique mappings:
{
"data": {
"cves": [
{
"id": "CVE-2024-21234",
"published": "2024-01-15T10:00:00Z",
"description": "Remote code execution vulnerability...",
"cvss": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"kev": {
"dateAdded": "2024-01-20",
"knownRansomware": false
},
"attack": {
"techniques": ["T1190", "T1059.003"]
}
},
{
"id": "CVE-2024-21235",
"published": "2024-01-16T10:00:00Z",
"description": "Privilege escalation vulnerability...",
"cvss": {
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"attack": {
"techniques": ["T1068", "T1055"]
}
}
],
"pagination": {
"limit": 20,
"hasMore": true,
"nextCursor": "cursor-value"
}
}
}
The ATT&CK techniques help identify:
- T1190: Internet-facing attack surface
- T1059.003: Windows Command Shell execution
- T1068: Privilege escalation to SYSTEM
- T1055: Process injection capabilities
Recent CVEs​
GET /api/v1/cves/recent
💰 Cost: 2 credits
Retrieve recently published or modified CVEs for monitoring and alerting workflows.
Headers:
X-API-Key: Required
Query Parameters:
hours(optional): Look back period in hours (default: 24, max: 168)days(optional): Look back period in days (alternative to hours, max: 7)limit(optional): Number of results per page (1-100, default: 50)after(optional): Cursor for paginationfields(optional): Comma-separated list of fields to includeinclude(optional): Enrichment data to include (acsc,enrichment,attack)
Example Requests:
# CVEs from last 24 hours (default)
curl -H "X-API-Key: your-api-key-here" \
https://api.cybersecfeed.com/api/v1/cves/recent
# CVEs from last 48 hours with field selection
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves/recent?hours=48&fields=cve_id,severity,published"
# Last 7 days of critical CVEs with enrichment
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves/recent?days=7&severity=critical&include=enrichment"
Response:
{
"data": {
"cves": [
{
"cve_id": "CVE-2024-0001",
"published": "2024-01-25T10:00:00Z",
"modified": "2024-01-25T10:00:00Z",
"severity": 9.8,
"description": "Recently discovered critical vulnerability...",
"status": "Analyzed",
"source_tag": "nvd",
"enrichment_status": "pending"
}
],
"pagination": {
"limit": 50,
"hasMore": false
},
"lookback_period": "24 hours",
"total_found": 15
}
}
KEV Endpoint​
Get Known Exploited Vulnerabilities​
GET /api/v1/kev
💰 Cost: 1 credit
Retrieve the catalog of known exploited vulnerabilities.
Headers:
X-API-Key: Required
Query Parameters:
vendor(optional): Filter by vendor nameproduct(optional): Filter by product nameransomware(optional): Filter by ransomware association (true/false)limit(optional): Number of results per page (1-100, default: 20)after(optional): Cursor for pagination
Example Request:
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/kev?ransomware=true&limit=10"
Response:
{
"data": {
"vulnerabilities": [
{
"cveId": "CVE-2023-12345",
"vendorProject": "Example Corp",
"product": "Example Product",
"vulnerabilityName": "Example Product Remote Code Execution",
"dateAdded": "2024-01-20",
"shortDescription": "A vulnerability allowing remote code execution...",
"requiredAction": "Apply patches immediately",
"dueDate": "2024-02-10",
"knownRansomware": true,
"notes": "Additional context..."
}
],
"pagination": {
"limit": 10,
"hasMore": true,
"nextCursor": "cursor-value"
}
},
"meta": {
"timestamp": "2024-01-25T12:00:00Z",
"version": "v1",
"correlationId": "req-12345"
}
}
CVE Detail Endpoint​
Get Detailed CVE Data​
GET /api/v1/cve/{cve-id}/detail
Retrieve comprehensive CVE data including CPE configurations, references, and vendor-specific enrichment from blob storage. This endpoint provides the most detailed information available for high-value CVEs.
Headers:
X-API-Key: Required
Path Parameters:
cve-id: CVE identifier (e.g., CVE-2024-0001)
Query Parameters:
vendor(optional): Vendor source for enrichment data. Options:nvd(default): National Vulnerability Databasemitre: MITRE Corporationcisco: Cisco Security (Enterprise plans)flashpoint: Flashpoint Intelligence (Enterprise plans)
Example Requests:
# Get detailed NVD data (default)
curl -H "X-API-Key: your-api-key-here" \
https://api.cybersecfeed.com/api/v1/cve/CVE-2024-0001/detail
# Get vendor-specific enrichment
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cve/CVE-2024-0001/detail?vendor=cisco"
Response (Full Detail):
{
"data": {
"cve_id": "CVE-2024-0001",
"vendor": "nvd",
"metrics": {
"cvss_v31": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"exploitabilityScore": 3.9,
"impactScore": 6.0
},
"severity": "CRITICAL",
"exploitability": {
"score": 3.9,
"evidence": ["Public exploit available", "Metasploit module exists"]
}
},
"technical_details": {
"cwe": [
{
"id": "CWE-787",
"name": "Out-of-bounds Write",
"description": "The software writes data past the end of the intended buffer"
}
],
"attack_vector": "NETWORK",
"attack_complexity": "LOW",
"authentication": "NONE"
},
"affected_products": {
"cpe_configurations": [
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:vendor:product:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "2.5.0"
}
],
"total_cpe_count": 15
},
"references": {
"vendor_advisories": [
{
"url": "https://vendor.com/security/advisory-123",
"tags": ["Vendor Advisory", "Patch"],
"source": "vendor"
}
],
"exploits": [
{
"url": "https://exploit-db.com/exploits/12345",
"tags": ["Exploit", "Third Party Advisory"]
}
],
"total_reference_count": 23
},
"enrichment_metadata": {
"created_at": "2024-01-15T18:30:00Z",
"vendor_tags": ["nvd"],
"data_completeness": "full"
}
},
"meta": {
"timestamp": "2024-01-25T12:00:00Z",
"version": "v1",
"correlationId": "req-12345"
}
}
Response (Partial - Enrichment Only):
When full blob data is unavailable, the endpoint returns available enrichment data:
{
"data": {
"status": "partial",
"message": "Full blob data unavailable; returning enrichment snapshot",
"data": {
"cve_id": "CVE-2024-0001",
"vendor": "nvd",
"enrichment": {
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"cvss_source": "nvd",
"cwe_list": ["CWE-787", "CWE-120"],
"exploit_flag": true,
"patch_available": true,
"cpe_count": 15,
"reference_count": 23,
"vendor_tags": ["nvd"],
"attack_vector": "network",
"kev_flag": false,
"attack_techniques": ["T1190", "T1059"],
"enriched_at": "2024-01-15T18:30:00Z"
}
}
},
"meta": {
"timestamp": "2024-01-25T12:00:00Z",
"version": "v1",
"correlationId": "req-12345"
}
}
Response Headers:
X-Blob-Status: Indicates blob availability (available,missing,partial)Cache-Control: Standard caching headers for performance
When to Use This Endpoint:
- Security Research: Deep dive into vulnerability mechanics
- Patch Management: Identify all affected product versions
- Threat Modeling: Understand exploitation requirements
- Compliance Reporting: Document comprehensive vulnerability details
- Vendor-Specific Intelligence: Access specialized threat data (Enterprise)
Data Availability:
Detailed blob data is available for:
- CVEs with CVSS score ≥ 7.0 (HIGH/CRITICAL)
- CVEs with known exploits
- CVEs affecting multiple products (high CPE count)
- CVEs with significant security impact
Note: Not all CVEs have detailed blob data. Use the standard /api/v1/cve/{id} endpoint for basic CVE information.
Usage Endpoint​
Get API Key Usage​
GET /api/v1/usage
💰 Cost: 0 credits (free monitoring)
Retrieve current usage statistics for your API key.
Headers:
X-API-Key: Required
Response:
{
"data": {
"usage": {
"plan": "CyberSecFeed Plus",
"credits_limit": 30000,
"credits_used": 1523,
"credits_remaining": 28477,
"reset_at": "2024-02-01T00:00:00Z",
"percentage_used": 5.08
}
},
"meta": {
"timestamp": "2024-01-25T12:00:00Z",
"version": "v1",
"correlationId": "req-12345"
}
}
Response Headers:
X-Rate-Limit-Remaining: Requests remaining in rate limit window (Free tier only)X-Rate-Limit-Reset: Unix timestamp when rate limit resets (Free tier only)
Note: Credit information (used/limit) is not included in response headers to improve caching performance. To check your current usage and credit limits, use the dedicated /api/v1/usage endpoint.
Error Responses:
// 401 Unauthorized - Invalid or missing API key
{
"error": {
"code": "UNAUTHORIZED",
"message": "Invalid API key"
}
}
// 429 Too Many Requests - Credit limit exceeded
{
"error": {
"code": "CREDIT_LIMIT_EXCEEDED",
"message": "Monthly credit limit exceeded. Upgrade your plan or wait for reset.",
"details": {
"credits_used": 30000,
"credits_limit": 30000,
"reset_at": "2024-02-01T00:00:00Z"
}
}
}
Statistics Endpoint​
Get Platform Statistics​
GET /api/v1/stats
💰 Cost: 0.5 credits
Retrieve aggregate statistics about the vulnerability database.
Headers:
X-API-Key: Required
Response:
{
"data": {
"stats": {
"totalCves": 350000,
"cvesLast24Hours": 125,
"cvesLast7Days": 890,
"cvesLast30Days": 3456,
"totalKev": 1374,
"totalWithEpss": 284000,
"averageEpssScore": 0.123,
"totalWithAcsc": 245,
"lastUpdated": "2024-01-25T11:45:00Z"
}
},
"meta": {
"timestamp": "2024-01-25T12:00:00Z",
"version": "v1",
"correlationId": "req-12345"
}
}