Vulners
ProductsAPIGuidesChangelog
Support
November 15, 2025

Real-Time Webhook Subscriptions for Vulnerability Alerts

Released November 15, 2025

This release introduces Webhook Subscriptions (v4), a push-based alerting system that delivers real-time notifications for new or updated vulnerabilities matching custom queries. By integrating directly with your SIEM, SOAR, or automation tools, these subscriptions eliminate polling overhead and enable instant response to emerging threats like zero-days, patches, and exploits. We've also enhanced the underlying web search engine for faster, more precise queries that power subscription triggers.

1. Full Webhook Subscription Support (v4 API)

Create subscriptions tied to any query type (Lucene, software, host/linux, etc.) and receive instant POST deliveries to your webhook URL.

Key endpoints

MethodEndpointPurpose
POST/api/v4/subscriptions/create/Create new subscription
GET/api/v4/subscriptions/list/List all your subscriptions
GET/api/v4/subscriptions/get/Get details by ID
PUT/api/v4/subscriptions/update/Modify query / delivery
DELETE/api/v4/subscriptions/delete/Remove subscription

Core features

  • Any saved query can be turned into a webhook subscription
  • Instant or scheduled (cron) delivery
  • Configurable payload fields (bulletin_fields) — send only what you need
  • Multiple timestamp triggers: published, modified (default), enriched, metricsUpdated, webApplicabilityUpdated, etc.
  • Optional send_empty_result: true for heartbeat-style scheduled checks

Full documentation: https://docs.vulners.com/docs/api/alerts/

2. Instant Notifications for New Vulnerabilities, Patches & Exploits

Alerts fire the moment a bulletin matching your query changes its relevant timestamp. Typical use cases:

  • “Notify me the second a CVE with CVSS ≥ 8.0 and public exploit appears”
  • “Alert when a patch is released for any software installed on our Ubuntu 22.04 fleet”
  • “Push new HackerOne disclosures for our vendor IDs to Slack”

Payload is lightweight JSON containing only the fields you requested, making it perfect for SIEM, SOAR, Slack, Teams, PagerDuty, etc.

3. Significantly Enhanced Web Search Engine

To make subscription triggers faster and more accurate we rolled out:

  • 35–50 % lower query latency on complex Lucene and host/software queries
  • Improved relevance ranking using exploit presence, EPSS, and darkweb mentions
  • Better handling of version ranges and ecosystem-specific semantics

Result: subscriptions now react faster and with higher precision than ever before.

All webhook subscription endpoints are live in production right now.
Legacy v3 polling remains available but we strongly recommend migrating to v4 webhooks.

New package audit API with upgraded Linux host auditingNovember 5, 2025
Complete design overhaul with new product structure and sectionsNovember 25, 2025
ProductsVulnerability IntelligenceAssessmentDatasetsAlertExploitsMCP
ResourcesDeveloper SDKAPI ReferenceOpenSource & ToolsChange LogSupport
CompanyPricingBlogContactsAbout
© Vulners inc. 2025