
Query Parameters Reference

This page provides a comprehensive reference for all query parameters supported by CyberSecFeed API endpoints.

Global Parameters

These parameters are supported across multiple endpoints.

include

Controls which enrichment data is included in responses for optimal performance.

Type: String (comma-separated list)
Default: None (only core data, KEV, and EPSS included)
Valid Values: acsc, enrichment, attack

Examples:

# Include ACSC data
?include=acsc

# Include enrichment framework data
?include=enrichment

# Include MITRE ATT&CK technique mappings
?include=attack

# Include both ACSC and enrichment data
?include=acsc,enrichment

# Include all enrichment types
?include=acsc,enrichment,attack

Supported Endpoints:

  • /api/v1/cve/{id}
  • /api/v1/cves

fields

Select specific fields to include in the response to reduce payload size.

Type: String (comma-separated list)
Default: All available fields for the endpoint

Examples:

# Get only ID and CVSS data
?fields=id,cvss

# Get ID, CVSS, and KEV data
?fields=id,cvss,kev

# Get ID, description, and ACSC data (requires include=acsc)
?fields=id,description,acsc&include=acsc

Supported Endpoints:

  • /api/v1/cve/{id}
  • /api/v1/cves

limit

Number of results to return per page.

Type: Integer
Range: 1-100
Default: 20

Examples:

# Get 10 results
?limit=10

# Get maximum 100 results
?limit=100

Supported Endpoints:

  • /api/v1/cves
  • /api/v1/kev

after

Cursor for pagination to get the next page of results.

Type: String (opaque cursor value)
Default: None (first page)

Examples:

# Get next page using cursor from previous response
?after=eyJpZCI6IkNWRS0yMDI0LTAwMjAifQ==

Supported Endpoints:

  • /api/v1/cves
  • /api/v1/kev

CVE Search Parameters

These parameters are specific to the /api/v1/cves endpoint.

q

Full-text search query across CVE descriptions and metadata.

Type: String
Default: None (no text filtering)

Examples:

# Search for buffer overflow vulnerabilities
?q=buffer+overflow

# Search for specific products
?q=apache+httpd

# Search for attack types
?q=remote+code+execution

ids

Batch lookup of specific CVE IDs.

Type: String (comma-separated list of CVE IDs)
Default: None

Examples:

# Look up specific CVEs
?ids=CVE-2024-0001,CVE-2024-0002,CVE-2024-0003

# Single CVE lookup (alternative to /cve/{id} endpoint)
?ids=CVE-2024-0001

severity_min / severity_max

Filter by CVSS base score range.

Type: Float
Range: 0.0-10.0
Default: None (no severity filtering)

Examples:

# High and critical severity only
?severity_min=7.0

# Medium to high severity
?severity_min=4.0&severity_max=8.9

# Critical severity only
?severity_min=9.0&severity_max=10.0

published_after / published_before

Filter by CVE publication date.

Type: String (ISO 8601 date)
Format: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ
Default: None (no date filtering)

Examples:

# CVEs published in 2024
?published_after=2024-01-01&published_before=2024-12-31

# CVEs published in the last 30 days (set the date to 30 days before today)
?published_after=2024-01-01

# CVEs published before a specific date
?published_before=2024-06-01

modified_after / modified_before

Filter by CVE last modified date.

Type: String (ISO 8601 date)
Format: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ
Default: None (no modification date filtering)

Examples:

# Recently updated CVEs
?modified_after=2024-01-20

# CVEs modified in a specific time range
?modified_after=2024-01-01&modified_before=2024-01-31

kev

Filter by Known Exploited Vulnerabilities status.

Type: Boolean
Valid Values: true, false
Default: None (include both KEV and non-KEV)

Examples:

# Only CVEs in the KEV catalog
?kev=true

# Only CVEs NOT in the KEV catalog
?kev=false

epss_min / epss_max

Filter by EPSS (Exploit Prediction Scoring System) score range.

Type: Float
Range: 0.0-1.0
Default: None (no EPSS filtering)

Examples:

# High exploitation probability
?epss_min=0.8

# Low to medium exploitation probability
?epss_min=0.1&epss_max=0.5

# Very high exploitation probability
?epss_min=0.95

vendor

Filter CVEs by vendor tags from enrichment data. Requires include=enrichment.

Type: String
Default: None (all vendors)
Valid Values:

  • All plans: nvd
  • Enterprise only: Any vendor-specific feed configured for your account

Examples:

# NVD-enriched CVEs (available to all plans)
?vendor=nvd&include=enrichment

# Examples of vendor-specific feeds (Enterprise plan only)
?vendor=cisco&include=enrichment
?vendor=microsoft&include=enrichment
?vendor=redhat&include=enrichment
?vendor=vmware&include=enrichment

Note: Enterprise customers can access custom vendor feeds based on their subscription. Available vendors vary by Enterprise agreement and may include Cisco, Microsoft, Red Hat, VMware, Oracle, IBM, Adobe, and many others. Contact sales for available vendor feeds.

attack_vector

Filter CVEs by CVSS attack vector. Requires include=enrichment.

Type: String
Valid Values: network, adjacent, local, physical (or N, A, L, P)
Default: None (all attack vectors)

Examples:

# Network-exploitable vulnerabilities
?attack_vector=network&include=enrichment

# Local privilege escalation vulnerabilities
?attack_vector=local&include=enrichment

exploit

Filter CVEs by exploit availability. Requires include=enrichment.

Type: Boolean
Valid Values: true, false
Default: None (include both)

Examples:

# Only CVEs with known exploits
?exploit=true&include=enrichment

# Only CVEs without known exploits
?exploit=false&include=enrichment

patched

Filter CVEs by patch availability. Requires include=enrichment.

Type: Boolean
Valid Values: true, false
Default: None (include both)

Examples:

# Only patched CVEs
?patched=true&include=enrichment

# Only unpatched CVEs
?patched=false&include=enrichment

KEV Search Parameters

These parameters are specific to the /api/v1/kev endpoint.

vendor

Filter KEV entries by vendor name.

Type: String
Default: None (all vendors)

Examples:

# Microsoft products only
?vendor=Microsoft

# Adobe products only
?vendor=Adobe

product

Filter KEV entries by product name.

Type: String
Default: None (all products)

Examples:

# Windows-related vulnerabilities
?product=Windows

# Apache HTTP Server vulnerabilities
?product=HTTP+Server

ransomware

Filter KEV entries by ransomware association.

Type: Boolean
Valid Values: true, false
Default: None (include both ransomware and non-ransomware)

Examples:

# Only vulnerabilities used by ransomware
?ransomware=true

# Only vulnerabilities NOT used by ransomware
?ransomware=false

Parameter Combinations

Many parameters can be combined for precise filtering:

# Critical CVEs in KEV with high EPSS scores from the last 30 days (published_after set to 30 days before today)
GET /api/v1/cves?severity_min=9.0&kev=true&epss_min=0.8&published_after=2024-01-01&include=acsc

Product-Specific Intelligence

# Recent Microsoft vulnerabilities with enrichment data
GET /api/v1/cves?q=Microsoft&published_after=2024-01-01&include=acsc,enrichment&limit=50

Regional Threat Monitoring

# ACSC-relevant vulnerabilities with medium+ severity
GET /api/v1/cves?severity_min=4.0&include=acsc&limit=20

Ransomware Intelligence

# All ransomware-associated KEV entries
GET /api/v1/kev?ransomware=true&limit=100

URL Encoding

Remember to URL-encode special characters in parameter values:

Character    Encoded
Space        + or %20
Comma        %2C
Ampersand    %26
Plus         %2B

Examples:

# Search for "remote code execution"
?q=remote+code+execution
# or
?q=remote%20code%20execution

# Multiple CVE IDs
?ids=CVE-2024-0001%2CCVE-2024-0002

Performance Considerations

  1. Use the fields parameter to reduce response size when you don't need all data
  2. Avoid overly broad searches without limiting parameters
  3. Use specific date ranges rather than querying all historical data
  4. Paginate large result sets using the limit and after parameters
  5. Use the include parameter judiciously - only request enrichment data when needed

Error Handling

Invalid parameter values will return a 400 Bad Request response:

{
  "error": {
    "code": "INVALID_PARAMETER",
    "message": "Invalid value for parameter 'severity_min': must be between 0.0 and 10.0",
    "parameter": "severity_min",
    "value": "15.0"
  }
}

Common parameter validation errors:

  • severity_min/max: Must be 0.0-10.0
  • epss_min/max: Must be 0.0-1.0
  • limit: Must be 1-100
  • published_after/before: Must be valid ISO 8601 date
  • kev/ransomware: Must be true or false
  • include: Must be valid enrichment type(s)
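
The rules above and the URL Encoding section can be enforced on the client before a request is sent, so that user-supplied filter values never produce a 400 or add an unintended extra parameter. This is an added example, not CyberSecFeed code; the function name build_cves_query and its error messages are assumptions, while the ranges, valid values and include=enrichment dependency are the ones documented on this page.

```python
from datetime import datetime
from urllib.parse import urlencode

# Ranges and valid values are the ones documented on this page.
RANGES = {"severity_min": (0.0, 10.0), "severity_max": (0.0, 10.0),
          "epss_min": (0.0, 1.0), "epss_max": (0.0, 1.0)}
BOOLEANS = {"kev", "exploit", "patched"}
DATES = {"published_after", "published_before", "modified_after", "modified_before"}
INCLUDE_VALUES = {"acsc", "enrichment", "attack"}
NEEDS_ENRICHMENT = {"vendor", "attack_vector", "exploit", "patched"}
ATTACK_VECTORS = {"network", "adjacent", "local", "physical", "N", "A", "L", "P"}


def _is_iso_date(value):
    """Accept the two documented formats: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ."""
    for fmt in ("%Y-%m-%d", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            datetime.strptime(value, fmt)
            return True
        except ValueError:
            continue
    return False


def build_cves_query(params):
    """Validate params for /api/v1/cves; return a URL-encoded query string."""
    out = {}
    for name, value in params.items():
        if isinstance(value, bool):  # Python True/False -> "true"/"false"
            value = "true" if value else "false"
        value = str(value)
        if name in RANGES:
            lo, hi = RANGES[name]
            if not lo <= float(value) <= hi:
                raise ValueError(f"{name}: must be between {lo} and {hi}")
        elif name in BOOLEANS and value not in ("true", "false"):
            raise ValueError(f"{name}: must be true or false")
        elif name in DATES and not _is_iso_date(value):
            raise ValueError(f"{name}: must be a valid ISO 8601 date")
        elif name == "limit" and not 1 <= int(value) <= 100:
            raise ValueError("limit: must be 1-100")
        elif name == "attack_vector" and value not in ATTACK_VECTORS:
            raise ValueError("attack_vector: not a documented value")
        out[name] = value
    include = set(filter(None, out.get("include", "").split(",")))
    if include - INCLUDE_VALUES:
        raise ValueError("include: must be valid enrichment type(s)")
    if NEEDS_ENRICHMENT & set(out) and "enrichment" not in include:
        raise ValueError("include=enrichment is required by an enrichment filter")
    # urlencode writes space as "+", comma as %2C, "&" as %26, "+" as %2B
    return urlencode(out)
```

Because every value passes through urlencode, an "&" or "+" inside a search term stays part of that term instead of being read as a separator or a space.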