Response Formats
All CyberSecFeed API responses use consistent JSON formatting to ensure predictable integration.
Standard Response Structure
Every successful response follows this structure:
{
"data": {
// Endpoint-specific response data
},
"meta": {
"timestamp": "ISO 8601 timestamp",
"version": "API version",
"correlationId": "Unique request identifier"
}
}
Common Data Types
CVE Object
The CVE object is returned by various endpoints with different levels of detail. Important: ACSC data is only included when explicitly requested via the include=acsc parameter. By default, CVE responses exclude ACSC data for optimal performance.
Default CVE Object (no include parameters):
{
"id": "CVE-2024-0001",
"sourceIdentifier": "[email protected]",
"published": "2024-01-15T10:00:00Z",
"lastModified": "2024-01-16T14:30:00Z",
"description": "Detailed vulnerability description...",
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"cpe": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vendor:product:version:*:*:*:*:*:*:*",
"matchCriteriaId": "UUID",
"versionStartIncluding": "1.0",
"versionEndExcluding": "2.0"
}
],
"references": [
{
"url": "https://vendor.com/security/advisory",
"source": "[email protected]",
"tags": ["Vendor Advisory", "Patch"]
}
],
"kev": {
"dateAdded": "2024-01-20",
"knownRansomware": false,
"vendorProject": "Vendor Name",
"product": "Product Name",
"vulnerabilityName": "Product Name Remote Code Execution",
"requiredAction": "Apply patches immediately",
"dueDate": "2024-02-10",
"notes": "Active exploitation in the wild"
},
"epss": {
"score": 0.97234,
"percentile": 0.99,
"date": "2024-01-25"
}
}
CVE Object with ACSC data (?include=acsc):
{
"id": "CVE-2024-0001",
"published": "2024-01-15T10:00:00Z",
"lastModified": "2024-01-16T14:30:00Z",
"description": "Detailed vulnerability description...",
"cvss": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"kev": {
"dateAdded": "2024-01-20",
"knownRansomware": false
},
"epss": {
"score": 0.97234,
"percentile": 0.99,
"date": "2024-01-25"
},
"acsc": [
{
"id": "2024-critical-alert-001",
"title": "Critical Vulnerability Alert - Immediate Action Required",
"type": "alert",
"priority": "Critical",
"publishedDate": "2024-01-20T08:00:00Z",
"url": "https://cyber.gov.au/alerts/2024-critical-alert-001"
}
]
}
Minimal CVE Object (used in list responses):
{
"id": "CVE-2024-0001",
"published": "2024-01-15T10:00:00Z",
"lastModified": "2024-01-16T14:30:00Z",
"description": "Brief description...",
"cvss": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
}
CVE Object with ATT&CK data (?include=attack):
{
"id": "CVE-2021-44228",
"published": "2021-12-10T10:00:00Z",
"lastModified": "2021-12-14T14:30:00Z",
"description": "Apache Log4j2 JNDI vulnerability...",
"cvss": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"kev": {
"dateAdded": "2021-12-10",
"knownRansomware": true
},
"epss": {
"score": 0.97556,
"percentile": 0.99997,
"date": "2024-01-25"
},
"attack": {
"techniques": ["T1190", "T1059.007", "T1203", "T1210"]
}
}
KEV Entry
{
"cveId": "CVE-2023-12345",
"vendorProject": "Example Corp",
"product": "Example Product",
"vulnerabilityName": "Example Product Remote Code Execution",
"dateAdded": "2024-01-20",
"shortDescription": "A vulnerability allowing remote code execution...",
"requiredAction": "Apply patches from vendor immediately",
"dueDate": "2024-02-10",
"knownRansomware": true,
"notes": "Actively exploited by ransomware groups"
}
Pagination Object
Used in endpoints that return lists of items:
{
"limit": 20,
"hasMore": true,
"nextCursor": "eyJpZCI6IkNWRS0yMDI0LTAwMjAifQ==",
"totalEstimate": 1500
}
CVSS Object
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
EPSS Object
{
"score": 0.97234,
"percentile": 0.99,
"date": "2024-01-25"
}
ACSC Notice Object
{
"id": "2024-critical-alert-001",
"title": "Critical Vulnerability Alert",
"type": "alert",
"priority": "Critical",
"publishedDate": "2024-01-20T08:00:00Z",
"lastUpdated": "2024-01-21T10:00:00Z",
"url": "https://cyber.gov.au/alerts/2024-critical-alert-001",
"affectedProducts": ["Product A", "Product B"],
"summary": "Brief summary of the alert..."
}
ATT&CK Techniques Object
Returned when the include=attack parameter is used:
{
"attack": {
"techniques": ["T1190", "T1059", "T1203", "T1210"]
}
}
The techniques array contains MITRE ATT&CK® technique IDs that represent how this vulnerability is commonly exploited by adversaries. Each technique ID corresponds to a specific attack pattern in the ATT&CK framework.
Field Selection
Many endpoints support field selection to reduce response size:
# Get only specific fields
GET /api/v1/cve/CVE-2024-0001?fields=id,cvss,kev
# Response will include only requested fields
{
"data": {
"cve": {
"id": "CVE-2024-0001",
"cvss": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"kev": {
"dateAdded": "2024-01-20",
"knownRansomware": false
}
}
},
"meta": {...}
}
Parameter-Based Data Inclusion
CyberSecFeed API uses parameter-based inclusion for enrichment data to optimize performance:
- Default responses: Include only core CVE data, KEV, and EPSS when available
- ACSC data: Only included when the include=acsc parameter is used
- Enrichment data: Only included when the include=enrichment parameter is used
- ATT&CK data: Only included when the include=attack parameter is used
- Combined requests: Use include=acsc,enrichment,attack to get all enrichment types
Null Values and Optional Fields
- Fields with no data are included as null
- Optional enrichment data (KEV, EPSS) is only included when available
- ACSC data is only included when explicitly requested via include=acsc
- ATT&CK data is only included when explicitly requested via include=attack
- Empty arrays are returned as []
- Empty strings are returned as ""
Date and Time Format
All dates and times use ISO 8601 format in UTC:
- Date only: 2024-01-25
- Date and time: 2024-01-25T14:30:00Z
Numeric Values
- CVSS scores: Decimal numbers 0.0-10.0
- EPSS scores: Decimal numbers 0.0-1.0
- EPSS percentiles: Decimal numbers 0.0-1.0
- Counts and IDs: Integers
Boolean Values
Boolean fields use standard JSON boolean values, true and false. They are never quoted as strings.
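A client that feeds these fields into triage logic can check them against the conventions above before trusting them; a quoted "false" for knownRansomware, for instance, is truthy in most languages. The following is an added example, not CyberSecFeed code: the function and rule names are hypothetical, the sample records are constructed, and it assumes that absent or null fields are legal and skipped.

```python
import json
import re
from datetime import datetime

def _number_in(lo, hi):
    # bool is a subclass of int in Python, so exclude it explicitly.
    return lambda v: isinstance(v, (int, float)) and not isinstance(v, bool) and lo <= v <= hi

def _timestamp(fmt, pattern):
    def ok(v):
        if not isinstance(v, str) or not re.fullmatch(pattern, v):
            return False
        try:
            datetime.strptime(v, fmt)  # rejects impossible dates such as 2024-13-40
            return True
        except ValueError:
            return False
    return ok

IS_DATE = _timestamp("%Y-%m-%d", r"\d{4}-\d{2}-\d{2}")
IS_DATETIME = _timestamp("%Y-%m-%dT%H:%M:%SZ", r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z")

RULES = [  # (path into the CVE object, predicate for a present, non-null value)
    (("published",), IS_DATETIME),
    (("lastModified",), IS_DATETIME),
    (("cvss", "baseScore"), _number_in(0.0, 10.0)),
    (("epss", "score"), _number_in(0.0, 1.0)),
    (("epss", "percentile"), _number_in(0.0, 1.0)),
    (("epss", "date"), IS_DATE),
    (("kev", "dateAdded"), IS_DATE),
    (("kev", "knownRansomware"), lambda v: isinstance(v, bool)),
]

def violations(cve):
    """Return dotted paths of fields that break the documented conventions."""
    bad = []
    for path, ok in RULES:
        value = cve
        for key in path:  # absent or null at any level is legal: skip the rule
            value = value.get(key) if isinstance(value, dict) else None
        if value is not None and not ok(value):
            bad.append(".".join(path))
    return bad

# Constructed sample inputs (not real API output).
GOOD = json.loads('{"id": "CVE-2024-0001", "published": "2024-01-15T10:00:00Z", '
                  '"cvss": {"baseScore": 9.8}, "kev": null, '
                  '"epss": {"score": 0.97234, "percentile": 0.99, "date": "2024-01-25"}}')
BAD = json.loads('{"id": "CVE-2024-0001", "published": "2024-01-15T10:00:00+10:00", '
                 '"cvss": {"baseScore": 98}, "kev": {"knownRansomware": "false"}, '
                 '"epss": {"score": 0.5, "percentile": 99.0, "date": "2024-13-40"}}')
```

Calling violations(BAD) lists every field that departs from the documented format, so a record can be quarantined or logged instead of being scored on malformed data.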