CVE Search Tools

API

National Vulnerability Database (NVD) API

Official Website	Provider	Notes
NVD Vulnerabilities	NIST (National Institute of Standards and Technology)	API key required, usage restrictions apply

Features

• Official and highly reliable
• Provides both CVSSv2 and v3 scores
• Free to use

Endpoint Example
https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-YYYY-XXXXXXX

---

CIRCL CVE Search API

Official Website	Provider	Notes
CIRCL CVE Search	CIRCL (Computer Incident Response Center Luxembourg)

Features

• Open source, can be self-hosted
• Provides both CVSSv2 and v3 scores

Endpoint Example
https://cve.circl.lu/api/cve/CVE-YYYY-XXXXXXX

---

Vulners API

Official Website	Provider	Notes
Vulners API	Vulners	Paid plans available, limited free usage possible

Features

• Extensive vulnerability database
• Provides CVSSv2 and v3 scores

Endpoint Example
https://vulners.com/api/v3/search/lucene/?query=CVE-YYYY-XXXXXXX

---

Red Hat Security Data API

Official Website	Provider	Notes
Red Hat Security Data API	Red Hat

Features

• Specialized in CVEs related to Red Hat products
• Provides CVSSv2 and v3 scores

Endpoint Example
https://access.redhat.com/labs/securitydataapi/cve/CVE-YYYY-XXXXXXX.json

---

MITRE CVE API

Official Website	Provider	Notes
MITRE CVE Search	MITRE Corporation	CVSS scores often not included

Features

• Official source of CVE data
• Provides basic CVE information

Endpoint Example
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-XXXXXXX

---

VulDB API

Official Website	Provider	Notes
VulDB API	VulDB	Paid service

Features

• Provides extensive vulnerability information
• Includes CVSS scores, affected products, and remediation information

Endpoint Example
https://vuldb.com/?kb.api

---

Shodan API

Official Website	Provider	Notes
Shodan API	Shodan	Primarily paid, limited free plan available

Features

• Provides vulnerability information for internet-connected devices
• Offers information on actual vulnerable systems associated with CVEs

Endpoint Example
https://api.shodan.io/shodan/host/CVE-YYYY-XXXXXXX

---

OpenCVE API

Official Website	Provider	Notes
OpenCVE API	OpenCVE (Open source project)	Community-driven project

Features

• Collects and provides CVE information as an API
• Can be self-hosted

Endpoint Example
https://opencve.io/api/cve/CVE-YYYY-XXXXXXX

---

NIST National Checklist Program Repository API

Official Website	Provider	Notes
NIST NCP Repository	NIST	Rich in information related to U.S. government systems

Features

• Provides security configuration checklists and CVE information
• Focuses on U.S. government systems

Endpoint Example
https://nvd.nist.gov/ncp/repository/CVE-YYYY-XXXXXXX

---

Cybersecurity and Infrastructure Security Agency (CISA) API

Official Website	Provider	Notes
CISA API	U.S. Cybersecurity and Infrastructure Security Agency	No specific restrictions mentioned, but it's recommended to check before use

Features

• Provides vulnerability information related to critical infrastructure
• Focuses on CVEs deemed important from the U.S. government perspective

Endpoint Example
https://www.cisa.gov/known-exploited-vulnerabilities-catalog

---

ExploitDB API

Official Website	Provider	Notes
ExploitDB API	Offensive Security	No specific restrictions mentioned, but it's recommended to check before use

Features

• Provides information on publicly available exploit code and related CVEs
• Aimed at penetration testers and security researchers

Endpoint Example
https://www.exploit-db.com/api

---

Rapid7 Open Data API

Official Website	Provider	Notes
Rapid7 Open Data API	Rapid7

Features

• Provides data on vulnerabilities, attacks, and other security-related information
• Offers detailed technical information related to CVEs

Endpoint Example
https://opendata.rapid7.com/

OSS

OpenCVE

Official Website	Provider	Notes	Stars
OpenCVE	opencve	v1 will soon be closed, and v2 will be released	~1800

Features

• OSS for collecting, analyzing, and displaying CVE information
• Provides Web interface and REST API
• Written in Python

---

CVE-Search

Official Website	Provider	Notes	Stars
CVE-Search	cve-search		~2300

Features

• Imports CVE, CPE, and CWE data and makes it searchable
• Uses MongoDB to store data
• Written in Python, provides Web interface and API

---

Dependency-Track

Official Website	Provider	Notes	Stars
Dependency-Track	DependencyTrack	No specific restrictions mentioned, but it's recommended to check before use	~2600

Features

• Component analysis platform for software supply chain
• Provides vulnerability data including CVE information
• Written in Java

---

nvdtools

Official Website	Provider	Notes	Stars
nvdtools	Facebook

Features

• Vulnerability database written in Go
• Parses NVD data and provides it in a user-friendly format
• Offers both CLI tools and libraries

---

OWASP Dependency-Check

Official Website	Provider	Notes	Stars
OWASP Dependency-Check	Individual		~6300

Features

• Scans project dependencies and detects known vulnerabilities
• Uses NVD database
• Written in Java but supports many languages and build tools

---

Grype

Official Website	Provider	Notes	Stars
Grype	Anchore		~8500

Features

• Vulnerability scanner for container images and filesystems
• Uses multiple vulnerability databases
• Written in Go

---

VulnerableCode

Official Website	Provider	Notes	Stars
VulnerableCode	Individual		~500

Features

• Aggregates vulnerability data from multiple sources
• Provides REST API and Web UI
• Written in Python/Django