API v1.5 Parameters Reference

This page provides a comprehensive reference for all query parameters supported by CyberSecFeed API v1.5 endpoints, including advanced sorting, named severity levels, and enterprise batch operations.

Global Parameters

These parameters are supported across multiple endpoints in API v1.5.

include

Controls which enrichment data is included in responses for optimal performance.

Type: String (comma-separated list)
Default: None (only core data, KEV, and EPSS included)
Valid Values: acsc, enrichment, attack

Performance Impact: Including enrichment data may increase response time by 10-30ms but provides comprehensive threat intelligence at the same credit cost.

Examples:

# Include ACSC data
?include=acsc

# Include enrichment framework data
?include=enrichment

# Include MITRE ATT&CK technique mappings
?include=attack

# Include both ACSC and enrichment data
?include=acsc,enrichment

# Include all enrichment types
?include=acsc,enrichment,attack

Supported Endpoints:

  • /api/v1/cve/{id} (GET)
  • /api/v1/cves (GET)
  • /api/v1/cve/batch (POST) - Enterprise batch endpoint

fields

Select specific fields to include in the response to reduce payload size.

Type: String (comma-separated list)
Default: All available fields for the endpoint

Available Fields (v1.5):

  • cve_id - CVE identifier
  • published - Publication date
  • modified - Last modified date
  • severity - Severity level (critical/high/medium/low)
  • status - CVE status
  • kev - KEV catalog status
  • epss - EPSS score and percentile
  • enrichment_status - Enrichment processing status
  • source_tag - Data source information

Examples:

# Get only ID and severity data
?fields=cve_id,severity

# Get essential risk assessment fields (85% payload reduction)
?fields=cve_id,severity,kev,epss

# Get ID, description, and ACSC data (requires include=acsc)
?fields=cve_id,description,acsc&include=acsc

Field Selection Performance: Using field selection can reduce payload size by up to 85%, significantly improving response times and bandwidth usage.

Supported Endpoints:

  • /api/v1/cve/{id} (GET)
  • /api/v1/cves (GET)
  • /api/v1/cve/batch (POST) - Enterprise batch endpoint

limit

Number of results to return per page.

Type: Integer
Range: 1-100
Default: 20

Examples:

# Get 10 results
?limit=10

# Get maximum 100 results
?limit=100

Supported Endpoints:

  • /api/v1/cves
  • /api/v1/kev

after

Cursor for pagination to get the next page of results.

Type: String (opaque cursor value)
Default: None (first page)

Examples:

# Get next page using cursor from previous response
?after=eyJpZCI6IkNWRS0yMDI0LTAwMjAifQ==

Supported Endpoints:

  • /api/v1/cves
  • /api/v1/kev

v1.5 Advanced Sorting Parameters

API v1.5 introduces advanced sorting capabilities with 8 sort options for optimized data retrieval.

sort

Sort results by specified criteria for optimized queries.

Type: String
Default: published_desc (newest first)
Valid Values:

  • severity_desc - Sort by severity (Critical → Low) - Fastest, recommended
  • severity_asc - Sort by severity (Low → Critical)
  • published_desc - Sort by publication date (newest first)
  • published_asc - Sort by publication date (oldest first)
  • modified_desc - Sort by modification date (recently updated first)
  • modified_asc - Sort by modification date (oldest updates first)
  • epss_desc - Sort by EPSS score (highest exploitation probability first)
  • epss_asc - Sort by EPSS score (lowest exploitation probability first)

Performance Characteristics:

| Sort Option | Use Case | Performance | Query Optimization |
|---|---|---|---|
| severity_desc | Critical vulnerability monitoring | Fastest | Primary index |
| published_desc | Recent vulnerability tracking | Fast | Time-based index |
| epss_desc | Exploitation prioritization | Fast | EPSS index |
| modified_desc | Change monitoring | Fast | Modified index |

Examples:

# Get critical vulnerabilities first (fastest query)
?sort=severity_desc

# Get recently published CVEs
?sort=published_desc

# Prioritize by exploitation probability
?sort=epss_desc&severity=critical

# Monitor recent changes
?sort=modified_desc&modified_after=2024-01-01

Supported Endpoints:

  • /api/v1/cves (GET)
  • /api/v1/cve/batch (POST)

v1.5 Enhanced Severity Parameters

API v1.5 introduces named severity levels alongside numeric CVSS scoring.

severity

Filter by named severity levels (v1.5 feature).

Type: String (comma-separated list)
Valid Values: critical, high, medium, low
Default: None (all severity levels)
CVSS Mapping:

  • critical - CVSS 9.0-10.0
  • high - CVSS 7.0-8.9
  • medium - CVSS 4.0-6.9
  • low - CVSS 0.1-3.9

Examples:

# Critical vulnerabilities only
?severity=critical

# High and critical vulnerabilities
?severity=critical,high

# Medium and high severity
?severity=medium,high

# Everything except low severity
?severity=critical,high,medium

Performance Advantage: Named severity filtering is optimized and faster than numeric ranges.

Supported Endpoints:

  • /api/v1/cves (GET)
  • /api/v1/cve/batch (POST)

CVE Search Parameters

These parameters are specific to CVE search endpoints with v1.5 enhancements.

q

Full-text search query across CVE descriptions and metadata.

Type: String
Default: None (no text filtering)
Behavior:

  • Case-insensitive (searches for "Apache" and "apache" return the same results)
  • Searches both CVE ID and description fields
  • Returns empty array if no matches (not an error)
  • Special characters are handled automatically

Examples:

# Search for buffer overflow vulnerabilities
?q=buffer+overflow

# Search for specific products (case-insensitive)
?q=apache+httpd
?q=APACHE+HTTPD # Returns same results

# Search for attack types
?q=remote+code+execution

# Search with special characters (automatically handled)
?q=log4j

ids

Batch lookup of specific CVE IDs.

Type: String (comma-separated list of CVE IDs)
Default: None

Examples:

# Look up specific CVEs
?ids=CVE-2024-0001,CVE-2024-0002,CVE-2024-0003

# Single CVE lookup (alternative to /cve/{id} endpoint)
?ids=CVE-2024-0001

severity_min / severity_max

Filter by CVSS base score range (legacy v1.4 parameters - use severity for better performance).

Type: Float
Range: 0.0-10.0
Default: None (no severity filtering)
Recommendation: Use the v1.5 severity parameter with named levels for better performance.

Examples:

# High and critical severity only
?severity_min=7.0
# v1.5 Equivalent (faster): ?severity=critical,high

# Medium to high severity
?severity_min=4.0&severity_max=8.9
# v1.5 Equivalent (faster): ?severity=medium,high

# Critical severity only
?severity_min=9.0&severity_max=10.0
# v1.5 Equivalent (faster): ?severity=critical

published_after / published_before

Filter by CVE publication date.

Type: String (ISO 8601 date)
Format: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ
Default: None (no date filtering)

Examples:

# CVEs published in 2024
?published_after=2024-01-01&published_before=2024-12-31

# CVEs published in the last 30 days (set the date to 30 days before today)
?published_after=2024-01-01

# CVEs published before a specific date
?published_before=2024-06-01

modified_after / modified_before

Filter by CVE last modified date.

Type: String (ISO 8601 date)
Format: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ
Default: None (no modification date filtering)

Examples:

# Recently updated CVEs
?modified_after=2024-01-20

# CVEs modified in a specific time range
?modified_after=2024-01-01&modified_before=2024-01-31

kev

Filter by Known Exploited Vulnerabilities status.

Type: Boolean
Valid Values: true, false
Default: None (include both KEV and non-KEV)

Examples:

# Only CVEs in the KEV catalog
?kev=true

# Only CVEs NOT in the KEV catalog
?kev=false

has_acsc

Filter CVEs by ACSC notice presence for efficient discovery.

Type: Boolean
Valid Values: true, false
Default: None (include all CVEs)
Efficiency Benefit: Server-side filtering for targeted ACSC intelligence

Examples:

# Get only CVEs with ACSC notices
?has_acsc=true

# Combine with severity filtering for high-priority ACSC alerts
?has_acsc=true&severity=critical&include=acsc

# Recent ACSC activity monitoring
?has_acsc=true&published_after=2024-01-01&include=acsc

Best Practice: Use has_acsc=true when you specifically need ACSC-related CVEs, then add include=acsc to get the actual notice details.

Supported Endpoints:

  • /api/v1/cves (GET)
  • /api/v1/cves/recent (GET)

epss_min / epss_max

Filter by EPSS (Exploit Prediction Scoring System) score range.

Type: Float
Range: 0.0-1.0
Default: None (no EPSS filtering)

Examples:

# High exploitation probability (top 10%)
?epss_min=0.1&include=epss

# Medium risk range
?epss_min=0.3&epss_max=0.7&include=epss

# Low risk CVEs (bottom 90%)
?epss_max=0.1&include=epss

# Very high exploitation probability (top 1%)
?epss_min=0.37&include=epss

Note: Add include=epss to get the actual EPSS scores in the response.

exploitable

Filter by exploitability assessment from enrichment data.

Type: Boolean
Valid Values: true, false
Default: None (include both)

Examples:

# Only exploitable CVEs (enrichment-based assessment)
?exploitable=true

# Only non-exploitable CVEs
?exploitable=false

Supported Endpoints: /api/v1/cves

has_references

Filter CVEs by presence of reference links.

Type: Boolean
Valid Values: true, false
Default: None (include both)

Examples:

# Only CVEs with reference documentation
?has_references=true

# CVEs without reference links
?has_references=false

Supported Endpoints: /api/v1/cves

cvss_min

Filter by enrichment framework CVSS score minimum.

Type: Float
Range: 0.0-10.0
Default: None

Example:

# CVEs with enrichment CVSS >= 7.0
?cvss_min=7.0

Supported Endpoints: /api/v1/cves

cpe_count_min

Filter by minimum number of CPE (Common Platform Enumeration) matches.

Type: Integer
Range: 1+
Default: None

Example:

# CVEs affecting 5+ products/platforms
?cpe_count_min=5

Use Case: Find widespread vulnerabilities affecting multiple products

Supported Endpoints: /api/v1/cves

vendor

Filter CVEs by vendor tags from enrichment data. Requires include=enrichment for /api/v1/cves endpoint.

Type: String
Default: None (all vendors) for /api/v1/cves, nvd for /api/v1/cve/{id}/detail
Valid Values:

  • All plans: nvd, mitre
  • Enterprise only: cisco, flashpoint, and other vendor-specific feeds

Examples:

For CVE Search (/api/v1/cves):

# NVD-enriched CVEs (available to all plans)
?vendor=nvd&include=enrichment

# MITRE-enriched CVEs
?vendor=mitre&include=enrichment

# Examples of vendor-specific feeds (Enterprise plan only)
?vendor=cisco&include=enrichment
?vendor=microsoft&include=enrichment
?vendor=redhat&include=enrichment
?vendor=vmware&include=enrichment

For CVE Detail (/api/v1/cve/{id}/detail):

# Default NVD detailed data
GET /api/v1/cve/CVE-2024-0001/detail

# MITRE detailed data
GET /api/v1/cve/CVE-2024-0001/detail?vendor=mitre

# Vendor-specific detailed data (Enterprise)
GET /api/v1/cve/CVE-2024-0001/detail?vendor=cisco
GET /api/v1/cve/CVE-2024-0001/detail?vendor=flashpoint

Note: Enterprise customers can access custom vendor feeds based on their subscription. Available vendors vary by Enterprise agreement and may include Cisco, Microsoft, Red Hat, VMware, Oracle, IBM, Adobe, Flashpoint, and many others. Contact sales for available vendor feeds.

Supported Endpoints:

  • /api/v1/cves (requires include=enrichment)
  • /api/v1/cve/{id}/detail (standalone parameter)

attack_vector

Filter CVEs by CVSS attack vector. Requires include=enrichment.

Type: String
Valid Values: network, adjacent, local, physical (or N, A, L, P)
Default: None (all attack vectors)

Examples:

# Network-exploitable vulnerabilities
?attack_vector=network&include=enrichment

# Local privilege escalation vulnerabilities
?attack_vector=local&include=enrichment

exploit (Enhanced in v1.5)

Filter CVEs by exploit availability with enhanced detection capabilities.

Type: Boolean
Valid Values: true, false
Default: None (include both)
v1.5 Enhancement: No longer requires include=enrichment - exploit detection is now built-in.

Detection Sources:

  • CISA KEV catalog
  • Enrichment framework analysis
  • Public exploit databases
  • Proof-of-concept availability

Examples:

# Only CVEs with confirmed exploits (v1.5 enhanced detection)
?exploit=true

# CVEs without known exploits
?exploit=false

# High-priority exploit targets
?exploit=true&severity=critical&sort=epss_desc

patched

Filter CVEs by patch availability. Requires include=enrichment.

Type: Boolean
Valid Values: true, false
Default: None (include both)

Examples:

# Only patched CVEs
?patched=true&include=enrichment

# Only unpatched CVEs
?patched=false&include=enrichment

Enterprise Batch Endpoint Parameters (v1.5)

The POST /api/v1/cve/batch endpoint supports these parameters in the request body.

cve_ids (Required)

Array of CVE IDs to retrieve in batch.

Type: Array of strings
Range: 1-50 CVE IDs per request
Format: CVE-YYYY-NNNN+

Example:

{
  "cve_ids": ["CVE-2024-0001", "CVE-2024-0002", "CVE-2021-44228"]
}

fields (Optional)

Array of fields to include in response for payload optimization.

Type: Array of strings
Default: All available fields

Example:

{
  "cve_ids": ["CVE-2024-0001"],
  "fields": ["cve_id", "severity", "kev", "epss"]
}

include (Optional)

Array of enrichment data types to include.

Type: Array of strings
Valid Values: ["enrichment", "acsc", "attack"]

Example:

{
  "cve_ids": ["CVE-2024-0001"],
  "include": ["enrichment", "attack"]
}

Enterprise Batch Performance

  • Cost: 35 credits (flat rate for 1-50 CVEs)
  • Savings: 86% vs individual calls (250 credits for 50 CVEs)
  • Response Time: Single request vs 50 HTTP round trips
  • Features: Field selection, enrichment, comprehensive threat intelligence
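
The batch limits above, applied to an arbitrary list of IDs. This is an added example, not code from CyberSecFeed: `plan_batches` and `credit_estimate` are hypothetical helper names, the per-lookup cost of 5 credits is derived from the page's "250 credits for 50 CVEs", and the sample IDs are constructed.

```python
import re

CVE_ID = re.compile(r"CVE-[0-9]{4}-[0-9]{4,}")  # documented format: CVE-YYYY-NNNN+
MAX_PER_BATCH = 50      # documented limit: 1-50 CVE IDs per request
BATCH_CREDITS = 35      # documented flat rate per batch request
SINGLE_CREDITS = 5      # derived from the page's "250 credits for 50 CVEs"


def plan_batches(cve_ids, fields=None, include=None):
    """Split IDs into request bodies for POST /api/v1/cve/batch.

    Returns (bodies, rejected). IDs are upper-cased and de-duplicated (a choice
    made for this example); anything not matching CVE-YYYY-NNNN+ is rejected
    here rather than spending a request on it.
    """
    seen, valid, rejected = set(), [], []
    for raw in cve_ids:
        cve_id = str(raw).strip().upper()
        if not CVE_ID.fullmatch(cve_id):
            rejected.append(raw)
        elif cve_id not in seen:
            seen.add(cve_id)
            valid.append(cve_id)

    bodies = []
    for start in range(0, len(valid), MAX_PER_BATCH):
        body = {"cve_ids": valid[start:start + MAX_PER_BATCH]}
        if fields:
            body["fields"] = list(fields)
        if include:
            body["include"] = list(include)
        bodies.append(body)
    return bodies, rejected


def credit_estimate(bodies):
    """Return (batch_credits, individual_credits) for the planned requests."""
    total_ids = sum(len(body["cve_ids"]) for body in bodies)
    return BATCH_CREDITS * len(bodies), SINGLE_CREDITS * total_ids


if __name__ == "__main__":
    import json
    # Constructed sample: 120 sequential IDs, a lower-case ID, a duplicate, two malformed.
    sample = [f"CVE-2024-{n:04d}" for n in range(1, 121)]
    sample += ["cve-2021-44228", "CVE-2024-0001", "CVE-24-1", "not-a-cve"]
    bodies, rejected = plan_batches(sample, fields=["cve_id", "severity", "kev", "epss"])
    print(len(bodies), "requests; rejected:", rejected)
    print(json.dumps(bodies[-1])[:80])
    print("credits (batch, individual):", credit_estimate(bodies))
```

Under these figures a batch request costs the same as seven individual lookups, so the flat rate only pays off from eight IDs upward.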

KEV Search Parameters

These parameters are specific to the /api/v1/kev endpoint.

vendor

Filter KEV entries by vendor name.

Type: String
Default: None (all vendors)

Examples:

# Microsoft products only
?vendor=Microsoft

# Adobe products only
?vendor=Adobe

# Apache products
?vendor=Apache

product

Filter KEV entries by product name.

Type: String
Default: None (all products)

Examples:

# Windows-related vulnerabilities
?product=Windows

# Apache HTTP Server vulnerabilities
?product=HTTP+Server

# Exchange Server vulnerabilities
?product=Exchange

ransomware

Filter KEV entries by ransomware association.

Type: Boolean
Valid Values: true, false
Default: None (include both ransomware and non-ransomware)

Examples:

# Only vulnerabilities used by ransomware campaigns
?ransomware=true

# Only vulnerabilities NOT used by ransomware (for non-ransomware threat prioritization)
?ransomware=false

due_date_after / due_date_before

Filter KEV entries by CISA-mandated remediation deadline.

Type: String (ISO 8601 date)
Format: YYYY-MM-DD
Default: None (all due dates)

Examples:

# KEVs with upcoming deadlines (remediation due after today)
?due_date_after=2026-01-02

# KEVs with past-due deadlines (urgent action required)
?due_date_before=2026-01-02

# KEVs with deadlines in specific month
?due_date_after=2026-01-01&due_date_before=2026-01-31

Supported Endpoints: /api/v1/kev

Parameter Combinations

v1.5 parameters can be combined for precise filtering with optimal performance:

High-Risk Vulnerability Search (v1.5 Optimized)

# Critical CVEs with confirmed exploits and high EPSS scores
GET /api/v1/cves?severity=critical&exploit=true&epss_min=0.8&sort=severity_desc&limit=20

# Enterprise batch version (86% cost savings)
POST /api/v1/cve/batch
{
  "cve_ids": ["CVE-2024-0001", "CVE-2024-0002", ...],
  "fields": ["cve_id", "severity", "kev", "epss"],
  "include": ["enrichment"]
}

Product-Specific Intelligence (v1.5)

# Recent Microsoft vulnerabilities with optimized sorting
GET /api/v1/cves?q=Microsoft&published_after=2024-01-01&severity=critical,high&sort=published_desc&limit=50

Exploitation Monitoring (v1.5 Enhanced)

# Recently disclosed exploits with threat intelligence
GET /api/v1/cves?exploit=true&published_after=2024-01-01&sort=epss_desc&include=enrichment,attack

Performance-Optimized Queries (v1.5)

# Fast critical vulnerability monitoring
GET /api/v1/cves?severity=critical&sort=severity_desc&fields=cve_id,severity,kev,epss&limit=10

# Bandwidth-optimized threat intelligence
GET /api/v1/cves?severity=critical,high&exploit=true&fields=cve_id,severity,epss&include=attack&limit=20

Enterprise Batch Examples (v1.5)

# Ultra-fast batch processing (35 credits vs 250); two fields only gives a 90% payload reduction
POST /api/v1/cve/batch
{
  "cve_ids": [/* 50 CVE IDs */],
  "fields": ["cve_id", "severity"]
}

# Comprehensive threat intelligence batch (full intelligence: all three enrichment types)
POST /api/v1/cve/batch
{
  "cve_ids": [/* CVE IDs */],
  "include": ["enrichment", "attack", "acsc"]
}

Regional Threat Monitoring (v1.5)

# ACSC-relevant vulnerabilities with named severity
GET /api/v1/cves?severity=medium,high,critical&include=acsc&sort=severity_desc&limit=20

Ransomware Intelligence

# All ransomware-associated KEV entries
GET /api/v1/kev?ransomware=true&limit=100

URL Encoding

Remember to URL-encode special characters in parameter values:

| Character | Encoded |
|---|---|
| Space | + or %20 |
| Comma | %2C |
| Ampersand | %26 |
| Plus | %2B |

Examples:

# Search for "remote code execution"
?q=remote+code+execution
# or
?q=remote%20code%20execution

# Multiple CVE IDs
?ids=CVE-2024-0001%2CCVE-2024-0002

v1.5 Performance Optimization

Advanced Performance Strategies

  1. Use severity over severity_min/max - Named severity levels are faster (optimized indexes)
  2. Use sort=severity_desc - Fastest query performance for critical vulnerability monitoring
  3. Leverage field selection - Reduce payload by up to 85% with targeted fields
  4. Enterprise batch operations - 86% cost savings for bulk CVE analysis
  5. Exploit filtering optimization - Built-in exploit detection without include=enrichment
  6. Smart sorting - Choose sort options based on use case for optimal performance

Performance Impact Matrix (v1.5)

| Configuration | Query Performance | Payload Size | Credits | Efficiency |
|---|---|---|---|---|
| Named severity + field select | Fastest | 85% ↓ | Same | Maximum |
| Default query | Standard | Baseline | Same | Good |
| Enterprise batch (50 CVEs) | Single request | Bulk opt | 35 | 86% savings |
| Legacy severity_min/max | Slower | Full | Same | Moderate |

# ✅ v1.5 Optimized - fastest performance
?severity=critical&sort=severity_desc&fields=cve_id,severity,kev

# ❌ Legacy v1.4 - slower performance
?severity_min=9.0&severity_max=10.0

# ✅ Enterprise batch - maximum efficiency
POST /api/v1/cve/batch with field selection

# ❌ Individual calls - 86% more expensive
Multiple GET /api/v1/cve/{id} calls

Complete Usage Examples - Validated Scenarios

These examples show all parameter combinations validated through comprehensive UAT testing.

Get All CVEs with Specific Enrichment

# All ACSC-related CVEs (server-side filtered for efficiency)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?has_acsc=true&include=acsc&limit=100"

# All KEV-listed CVEs with full details
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?kev=true&include=kev&limit=100"

# All CVEs with MITRE ATT&CK mappings
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?include=attack&limit=100"

Severity-Based Filtering (All Categories)

# All critical severity CVEs (CVSS 9.0-10.0)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?severity=critical&limit=100"

# All high severity CVEs (CVSS 7.0-8.9)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?severity=high&limit=100"

# All medium severity CVEs (CVSS 4.0-6.9)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?severity=medium&limit=100"

# All low severity CVEs (CVSS 0.1-3.9)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?severity=low&limit=100"

EPSS-Based Risk Filtering

# Top 10% exploitation probability (EPSS >= 0.1)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?epss_min=0.1&include=epss&limit=100"

# Top 1% exploitation probability (EPSS >= 0.37)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?epss_min=0.37&include=epss&limit=100"

# High EPSS AND known exploited (critical threat combination)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?epss_min=0.5&kev=true&include=epss&limit=100"

# Sort by EPSS score (highest exploitation probability first)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?sort=epss_desc&include=epss&limit=50"

Date-Based Retrieval

# CVEs published in last 7 days
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?published_after=2025-12-26&limit=100"

# CVEs modified in last 7 days (change tracking)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?modified_after=2025-12-26&limit=100"

# CVEs published in specific date range
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?published_after=2025-12-01&published_before=2025-12-31&limit=100"

Combined Filter Scenarios (Validated)

# Australian critical vulnerabilities (ACSC + severity)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?has_acsc=true&severity=critical&include=acsc&limit=100"

# High-risk exploited vulnerabilities (KEV + high EPSS)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?kev=true&epss_min=0.5&include=epss&limit=100"

# Recent critical vulnerabilities (published + severity)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?severity=critical&published_after=2025-12-01&limit=100"

# Exploited vulnerabilities with ATT&CK mappings (KEV + attack data)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?kev=true&include=attack&limit=100"

All Sorting Options (Validated)

# Sort by severity (highest first) - Fastest for critical monitoring
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?sort=severity_desc&limit=50"

# Sort by severity (lowest first)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?sort=severity_asc&limit=50"

# Sort by EPSS score (highest exploitation probability first)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?sort=epss_desc&include=epss&limit=50"

# Sort by EPSS score (lowest exploitation probability first)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?sort=epss_asc&include=epss&limit=50"

# Sort by publication date (newest first)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?sort=published_desc&limit=50"

# Sort by publication date (oldest first)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?sort=published_asc&limit=50"

# Sort by modification date (recently updated first)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?sort=modified_desc&limit=50"

# Sort by modification date (oldest updates first)
curl -H "X-API-Key: your-api-key-here" \
"https://api.cybersecfeed.com/api/v1/cves?sort=modified_asc&limit=50"

Error Handling

Invalid parameter values will return a 400 Bad Request response:

{
  "error": {
    "code": "INVALID_PARAMETER",
    "message": "Invalid value for parameter 'severity_min': must be between 0.0 and 10.0",
    "parameter": "severity_min",
    "value": "15.0"
  }
}

Common parameter validation errors:

  • severity: Must be one of: critical, high, medium, low
  • sort: Must be valid sort option (8 options available)
  • severity_min/max: Must be 0.0-10.0
  • epss_min/max: Must be 0.0-1.0
  • limit: Must be 1-100 for /cves, 1-500 for /kev and /cves/recent
  • published_after/before: Must be valid ISO 8601 date
  • modified_after/before: Must be valid ISO 8601 date
  • due_date_after/before: Must be valid ISO 8601 date (KEV endpoint only)
  • exploit/kev/ransomware/exploitable/has_references: Must be string "true" or "false" (not JSON boolean)
  • include: Must be valid enrichment type(s): epss, kev, attack, acsc, enrichment
  • cve_ids (batch): Must be 1-50 valid CVE IDs in CVE-YYYY-NNNN format
  • fields: Must be valid field names from available field list
  • type (recent endpoint): Must be published, modified, or both

Cross-Parameter Validation:

# ERROR: severity_min cannot be greater than severity_max
?severity_min=8&severity_max=6
# Returns: 400 Bad Request

# ERROR: epss_min cannot be greater than epss_max
?epss_min=0.8&epss_max=0.2
# Returns: 400 Bad Request

# ERROR: published_after cannot be later than published_before
?published_after=2026-01-01&published_before=2025-01-01
# Returns: 400 Bad Request

Note on Boolean Parameters: Boolean parameters accept string values "true" or "false" as query parameters:

  • ✅ Correct: ?kev=true or ?kev=false
  • ❌ Incorrect: ?kev=1 or ?kev=0 or JSON boolean in URL
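
The validation rules above can be enforced client-side, so a malformed query is caught before it is sent and answered with a 400. This is an added example, not code from CyberSecFeed: `build_cves_query` and `parse_date` are hypothetical helper names, the `include` values follow the list in this section, and `has_acsc` and `patched` are treated as booleans because the page types them that way.

```python
from datetime import datetime
from urllib.parse import urlencode

# Allowed values as documented on this page.
SEVERITIES = {"critical", "high", "medium", "low"}
INCLUDES = {"epss", "kev", "attack", "acsc", "enrichment"}
SORTS = {f"{key}_{order}" for key in ("severity", "published", "modified", "epss")
         for order in ("asc", "desc")}
BOOLEANS = {"exploit", "kev", "ransomware", "exploitable", "has_references",
            "has_acsc", "patched"}
RANGES = {"severity": (0.0, 10.0), "epss": (0.0, 1.0)}  # bounds for *_min / *_max
DATED = ("published", "modified")                       # *_after / *_before pairs


def parse_date(name, value):
    """Accept the two documented formats: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ."""
    for fmt in ("%Y-%m-%d", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt)
        except (TypeError, ValueError):
            continue
    raise ValueError(f"{name}: not a valid ISO 8601 date: {value!r}")


def build_cves_query(**params):
    """Check params against the documented rules; return the encoded query string.

    Parameters without a rule here (q, ids, vendor, ...) pass through unchecked.
    """
    out = {}
    for name, value in params.items():
        prefix, _, suffix = name.rpartition("_")
        if name in BOOLEANS:
            if isinstance(value, bool):      # Python bool -> the string form the API expects
                value = "true" if value else "false"
            if value not in ("true", "false"):
                raise ValueError(f"{name}: must be the string 'true' or 'false'")
        elif name in ("severity", "include"):
            allowed = SEVERITIES if name == "severity" else INCLUDES
            items = value.split(",") if isinstance(value, str) else list(value)
            if not items or any(item not in allowed for item in items):
                raise ValueError(f"{name}: allowed values are {sorted(allowed)}")
            value = ",".join(items)
        elif name == "sort":
            if value not in SORTS:
                raise ValueError(f"sort: must be one of {sorted(SORTS)}")
        elif name == "limit":
            if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= 100:
                raise ValueError("limit: must be an integer from 1 to 100 for /cves")
        elif prefix in RANGES and suffix in ("min", "max"):
            low, high = RANGES[prefix]
            value = float(value)
            if not low <= value <= high:
                raise ValueError(f"{name}: must be between {low} and {high}")
        elif prefix in DATED and suffix in ("after", "before"):
            parse_date(name, value)
        out[name] = value

    # Cross-parameter checks: a lower bound may not exceed its upper bound.
    for prefix in RANGES:
        low, high = out.get(f"{prefix}_min"), out.get(f"{prefix}_max")
        if low is not None and high is not None and low > high:
            raise ValueError(f"{prefix}_min cannot be greater than {prefix}_max")
    for prefix in DATED:
        after, before = out.get(f"{prefix}_after"), out.get(f"{prefix}_before")
        if after and before and parse_date(prefix, after) > parse_date(prefix, before):
            raise ValueError(f"{prefix}_after cannot be later than {prefix}_before")

    # urlencode applies the page's encoding table: space -> +, comma -> %2C, & -> %26.
    return urlencode(out)
```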