API Endpoints

Health Check Endpoints

Full Health Check

GET /api/v1/ping

Performs a comprehensive health check including database connectivity.

Headers:

  • X-API-Key: Required

Response:

{
  "data": {
    "status": "ok",
    "timestamp": "2024-01-25T12:00:00Z",
    "database": {
      "connected": true,
      "latency_ms": 15
    }
  },
  "meta": {
    "timestamp": "2024-01-25T12:00:00Z",
    "version": "v1",
    "correlationId": "req-12345"
  }
}

Lightweight Health Check

GET /api/v1/ping-lite

Lightweight health check for high-frequency monitoring (sub-millisecond response).

Headers:

  • X-API-Key: Required

Response:

{
  "data": {
    "status": "ok",
    "timestamp": "2024-01-25T12:00:00Z"
  },
  "meta": {
    "timestamp": "2024-01-25T12:00:00Z",
    "version": "v1",
    "correlationId": "req-12345"
  }
}

CVE Endpoints

Get CVE Details

GET /api/v1/cve/{cve-id}

Retrieve detailed information about a specific CVE including all enrichment data.

Headers:

  • X-API-Key: Required

Path Parameters:

  • cve-id: CVE identifier (e.g., CVE-2024-0001)

Query Parameters:

  • fields (optional): Comma-separated list of fields to include in response
  • include (optional): Additional data to include. Options:
    • enrichment: Include CVE enrichment data
    • acsc: Include ACSC advisories
    • attack: Include MITRE ATT&CK® technique mappings
    • Multiple values can be combined: include=enrichment,attack

Example Request:

# Basic request
curl -H "X-API-Key: your-api-key-here" \
https://api.cybersecfeed.com/api/v1/cve/CVE-2024-0001

# With ATT&CK techniques only
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cve/CVE-2021-44228?include=attack"

# With both enrichment and ATT&CK
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cve/CVE-2021-44228?include=enrichment,attack"

# With all enrichment types for comprehensive analysis
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cve/CVE-2021-44228?include=acsc,enrichment,attack"

Response:

{
  "data": {
    "cve": {
      "id": "CVE-2024-0001",
      "sourceIdentifier": "[email protected]",
      "published": "2024-01-15T10:00:00Z",
      "lastModified": "2024-01-16T14:30:00Z",
      "description": "A vulnerability in...",
      "cvss": {
        "version": "3.1",
        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "baseScore": 9.8,
        "baseSeverity": "CRITICAL"
      },
      "cpe": [
        {
          "vulnerable": true,
          "criteria": "cpe:2.3:a:vendor:product:1.0:*:*:*:*:*:*:*"
        }
      ],
      "references": [
        {
          "url": "https://example.com/advisory",
          "source": "[email protected]"
        }
      ],
      "kev": {
        "dateAdded": "2024-01-20",
        "knownRansomware": false,
        "notes": "Active exploitation observed"
      },
      "epss": {
        "score": 0.97234,
        "percentile": 0.99,
        "date": "2024-01-25"
      },
      "acsc": [
        {
          "id": "2024-critical-vulnerability-alert",
          "title": "Critical Vulnerability Alert",
          "type": "alert",
          "priority": "Critical",
          "publishedDate": "2024-01-20T08:00:00Z"
        }
      ],
      "attack": {
        "techniques": ["T1190", "T1059", "T1203"]
      }
    }
  },
  "meta": {
    "timestamp": "2024-01-25T12:00:00Z",
    "version": "v1",
    "correlationId": "req-12345"
  }
}

ATT&CK Technique Mapping Example:

When you include ATT&CK data (?include=attack), the response includes technique IDs that map to specific adversary behaviors:

{
  "data": {
    "cve": {
      "id": "CVE-2021-44228",
      "description": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP...",
      "cvss": {
        "baseScore": 10.0,
        "baseSeverity": "CRITICAL"
      },
      "kev": {
        "dateAdded": "2021-12-10",
        "knownRansomware": true
      },
      "attack": {
        "techniques": ["T1190", "T1059", "T1203", "T1210"]
      }
    }
  }
}

What the ATT&CK techniques mean:

  • T1190 (Exploit Public-Facing Application): Attackers exploit this vulnerability in internet-facing systems
  • T1059 (Command and Scripting Interpreter): Enables remote command execution
  • T1203 (Exploitation for Client Execution): Can be triggered through user interaction
  • T1210 (Exploitation of Remote Services): Allows lateral movement within networks

This intelligence helps prioritize patching based on how adversaries actually use the vulnerability.

Search and List CVEs

GET /api/v1/cves

Search, filter, and list CVEs with various criteria.

Headers:

  • X-API-Key: Required

Query Parameters:

  • q (optional): Full-text search query
  • ids (optional): Comma-separated list of CVE IDs for batch lookup
  • severity_min (optional): Minimum CVSS base score (0.0-10.0)
  • severity_max (optional): Maximum CVSS base score (0.0-10.0)
  • published_after (optional): ISO 8601 date (e.g., 2024-01-01)
  • published_before (optional): ISO 8601 date
  • modified_after (optional): ISO 8601 date
  • modified_before (optional): ISO 8601 date
  • kev (optional): Filter by KEV status (true/false)
  • epss_min (optional): Minimum EPSS score (0.0-1.0)
  • epss_max (optional): Maximum EPSS score (0.0-1.0)
  • limit (optional): Number of results per page (1-100, default: 20)
  • after (optional): Cursor for pagination
  • fields (optional): Comma-separated list of fields to include
  • include (optional): Comma-separated list of enrichment data to include (acsc, enrichment, attack)

Example Requests:

Search for recent critical vulnerabilities:

curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?severity_min=9.0&published_after=2024-01-01&limit=10"

Batch lookup multiple CVEs:

curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?ids=CVE-2024-0001,CVE-2024-0002,CVE-2024-0003"

Full-text search:

curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?q=buffer+overflow&limit=20"

Search with ACSC data included:

curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?q=buffer+overflow&include=acsc&limit=20"

Search with both ACSC and enrichment data:

curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?severity_min=7.0&include=acsc,enrichment&limit=10"

Search for high-risk CVEs with ATT&CK mappings:

# Critical CVEs with known attack techniques
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?severity_min=9.0&include=attack&limit=20"

# Known exploited vulnerabilities with ATT&CK data for threat hunting
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?kev=true&include=attack&limit=50"

Response:

{
  "data": {
    "cves": [
      {
        "id": "CVE-2024-0001",
        "published": "2024-01-15T10:00:00Z",
        "lastModified": "2024-01-16T14:30:00Z",
        "description": "Buffer overflow vulnerability in Example Product...",
        "cvss": {
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "enrichment": {
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "cvss_source": "nvd",
          "cwe_list": ["CWE-120", "CWE-787"],
          "exploit_flag": true,
          "kev_flag": false,
          "attack_vector": "network",
          "patch_available": true,
          "cpe_count": 15,
          "reference_count": 23,
          "vendor_tags": ["nvd"],
          "enriched_at": "2024-01-15T18:30:00.000Z"
        },
        "acsc_notices": [
          {
            "id": "2024-advisory-001",
            "type": "advisory",
            "title": "Critical Buffer Overflow Vulnerabilities",
            "priority": "Critical",
            "published": "2024-01-16T08:00:00Z"
          }
        ]
      }
    ],
    "pagination": {
      "limit": 20,
      "hasMore": true,
      "nextCursor": "cursor-value"
    }
  },
  "meta": {
    "timestamp": "2024-01-25T12:00:00Z",
    "version": "v1",
    "correlationId": "req-12345"
  }
}

Response with ATT&CK data included:

When using include=attack, the response includes ATT&CK technique mappings:

{
  "data": {
    "cves": [
      {
        "id": "CVE-2024-21234",
        "published": "2024-01-15T10:00:00Z",
        "description": "Remote code execution vulnerability...",
        "cvss": {
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "kev": {
          "dateAdded": "2024-01-20",
          "knownRansomware": false
        },
        "attack": {
          "techniques": ["T1190", "T1059.003"]
        }
      },
      {
        "id": "CVE-2024-21235",
        "published": "2024-01-16T10:00:00Z",
        "description": "Privilege escalation vulnerability...",
        "cvss": {
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "attack": {
          "techniques": ["T1068", "T1055"]
        }
      }
    ],
    "pagination": {
      "limit": 20,
      "hasMore": true,
      "nextCursor": "cursor-value"
    }
  }
}

The ATT&CK techniques help identify:

  • T1190: Internet-facing attack surface
  • T1059.003: Windows Command Shell execution
  • T1068: Privilege escalation to SYSTEM
  • T1055: Process injection capabilities

KEV Endpoint

Get Known Exploited Vulnerabilities

GET /api/v1/kev

Retrieve the catalog of known exploited vulnerabilities.

Headers:

  • X-API-Key: Required

Query Parameters:

  • vendor (optional): Filter by vendor name
  • product (optional): Filter by product name
  • ransomware (optional): Filter by ransomware association (true/false)
  • limit (optional): Number of results per page (1-100, default: 20)
  • after (optional): Cursor for pagination

Example Request:

curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/kev?ransomware=true&limit=10"

Response:

{
  "data": {
    "vulnerabilities": [
      {
        "cveId": "CVE-2023-12345",
        "vendorProject": "Example Corp",
        "product": "Example Product",
        "vulnerabilityName": "Example Product Remote Code Execution",
        "dateAdded": "2024-01-20",
        "shortDescription": "A vulnerability allowing remote code execution...",
        "requiredAction": "Apply patches immediately",
        "dueDate": "2024-02-10",
        "knownRansomware": true,
        "notes": "Additional context..."
      }
    ],
    "pagination": {
      "limit": 10,
      "hasMore": true,
      "nextCursor": "cursor-value"
    }
  },
  "meta": {
    "timestamp": "2024-01-25T12:00:00Z",
    "version": "v1",
    "correlationId": "req-12345"
  }
}
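
Both /api/v1/cves and /api/v1/kev page their results with limit, after and pagination.nextCursor. The following added example (not CyberSecFeed code) walks every page and stops on a repeated cursor or a page cap so a faulty loop cannot consume the quota; `iter_items`, `http_fetch`, `fake_fetch` and the placeholder CVE IDs are assumptions, and the two-page sample is constructed.

```python
import json
import urllib.request
from urllib.parse import urlencode, urlsplit, parse_qs

BASE = "https://api.cybersecfeed.com/api/v1"

def http_fetch(api_key):
    """Return a fetch(url) that sends the X-API-Key header (needs network)."""
    def fetch(url):
        req = urllib.request.Request(url, headers={"X-API-Key": api_key})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return fetch

def iter_items(fetch, path, params, max_pages=1000):
    """Yield every record from a cursor-paginated endpoint (/cves or /kev)."""
    params, seen = dict(params), set()
    for _ in range(max_pages):
        data = fetch(f"{BASE}{path}?{urlencode(params)}")["data"]
        # Records are under "cves" on /cves and "vulnerabilities" on /kev.
        yield from data.get("cves", data.get("vulnerabilities", []))
        page = data.get("pagination") or {}
        cursor = page.get("nextCursor")
        if not page.get("hasMore") or not cursor:
            return
        if cursor in seen:  # a repeated cursor would loop and burn quota
            raise RuntimeError("pagination cursor repeated")
        seen.add(cursor)
        params["after"] = cursor
    raise RuntimeError("max_pages reached while hasMore was still true")

# Constructed two-page /kev result, keyed by the "after" cursor ("" = first page).
PAGES = {
    "": {"data": {"vulnerabilities": [{"cveId": "CVE-0000-0001"}, {"cveId": "CVE-0000-0002"}],
                  "pagination": {"limit": 2, "hasMore": True, "nextCursor": "c1"}}},
    "c1": {"data": {"vulnerabilities": [{"cveId": "CVE-0000-0003"}],
                    "pagination": {"limit": 2, "hasMore": False}}},
}
REQUESTED = []

def fake_fetch(url):
    """Offline stand-in for http_fetch(): serves PAGES and records each URL."""
    REQUESTED.append(url)
    after = parse_qs(urlsplit(url).query).get("after", [""])[0]
    return PAGES[after]

def demo():
    return [v["cveId"] for v in iter_items(fake_fetch, "/kev", {"ransomware": "true", "limit": 2})]

if __name__ == "__main__":
    print(demo())
```

For live use, pass `http_fetch(api_key)` in place of `fake_fetch`, reading the key from the environment or a secrets store instead of hard-coding it.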

Usage Endpoint

Get API Key Usage

GET /api/v1/usage

Retrieve current usage statistics for your API key.

Headers:

  • X-API-Key: Required

Response:

{
  "data": {
    "usage": {
      "plan": "CyberSecFeed Plus",
      "quota": 30000,
      "used": 1523,
      "remaining": 28477,
      "reset_at": "2024-02-01T00:00:00Z",
      "percentage_used": 5.08
    }
  },
  "meta": {
    "timestamp": "2024-01-25T12:00:00Z",
    "version": "v1",
    "correlationId": "req-12345"
  }
}

Response Headers:

  • X-Rate-Limit-Remaining: Requests remaining in rate limit window (Free tier only)
  • X-Rate-Limit-Reset: Unix timestamp when rate limit resets (Free tier only)

Note: Quota information (used/limit) is not included in response headers to improve caching performance. To check your current usage and quota limits, use the dedicated /api/v1/usage endpoint.

Error Responses:

// 401 Unauthorized - Invalid or missing API key
{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid API key"
  }
}

Statistics Endpoint

Get Platform Statistics

GET /api/v1/stats

Retrieve aggregate statistics about the vulnerability database.

Headers:

  • X-API-Key: Required

Response:

{
  "data": {
    "stats": {
      "totalCves": 350000,
      "cvesLast24Hours": 125,
      "cvesLast7Days": 890,
      "cvesLast30Days": 3456,
      "totalKev": 1374,
      "totalWithEpss": 284000,
      "averageEpssScore": 0.123,
      "totalWithAcsc": 245,
      "lastUpdated": "2024-01-25T11:45:00Z"
    }
  },
  "meta": {
    "timestamp": "2024-01-25T12:00:00Z",
    "version": "v1",
    "correlationId": "req-12345"
  }
}