Vulners
ProductsAPIGuidesChangelog
Support
November 5, 2025

New Package Audit API with Upgraded Linux Host Auditing

Released November 5, 2025

This release introduces the Package Audit API (v4) — a modern, ecosystem-native set of endpoints for auditing software dependencies across the most popular languages and package managers. At the same time, we’ve significantly upgraded the classic agentless Linux host auditing endpoint with better accuracy, broader distro support, and native JSON input.

Both features are built for DevSecOps, SBOM validation, CI/CD pipelines, and large-scale fleet scanning.

1. Brand-New Package Audit API (v4)

Dedicated POST endpoints that accept raw output from your package manager — no manual JSON crafting required.

EcosystemEndpointAccepted Input Example
Maven (Java)/api/v4/audit/package/mavenmvn dependency:list output
Pip/api/v4/audit/package/pippip freeze or requirements.txt
Poetry/api/v4/audit/package/poetrypoetry.lock content
NPM/api/v4/audit/package/npmpackage-lock.json content
Go/api/v4/audit/package/golanggo list -m all output

Highlights

  • Up to 5 000 packages per request
  • Sub-second response times
  • Precise fixedVersion recommendations
  • Vulners Risk Score, CVSS, EPSS, exploit flags, patch links
  • JSON output ready for GitHub Actions, Jenkins, Trivy, etc.

Documentation → https://docs.vulners.com/docs/api/audit/#package-audit-api

2. Upgraded Agentless Linux Host Auditing (v4)

The classic Linux audit endpoint is now faster and far more accurate.

Supported distros

  • RPM-based (RHEL, CentOS, Rocky, AlmaLinux, Fedora, openSUSE)
  • DEB-based (Ubuntu, Debian)
  • APK-based (Alpine Linux)

Key improvements

  • Native JSON input (no more plain-text guessing)
  • Full epoch, multi-arch, and source/binary package support
  • 35 % reduction in false positives
  • 25 % higher matching precision for kernels and modules
  • Optional includeUnofficial and includeCandidates flags

Quick example (JSON input)

curl -X POST "https://vulners.com/api/v4/audit/linux/" \
  -H "X-Api-Key: YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "osName": "ubuntu",
    "osVersion": "22.04",
    "osArch": "amd64",
    "packages": [
      {"name": "libssl3", "version": "3.0.2-0ubuntu1.10"},
      {"name": "nginx", "version": "1.18.0-6ubuntu14.3"}
    ]
  }'
Major robots updates & OSV database upgradeOctober 15, 2025
Real-time webhook subscriptions for vulnerability alertsNovember 15, 2025
ProductsVulnerability IntelligenceAssessmentDatasetsAlertExploitsMCP
ResourcesDeveloper SDKAPI ReferenceOpenSource & ToolsChange LogSupport
CompanyPricingBlogContactsAbout
© Vulners inc. 2025