
Audit

The Audit page describes Vulners’ host- and software-auditing APIs — fast, CPE-aware endpoints to convert installed software, OS versions and KB lists into actionable vulnerability intelligence: matched advisories, CVE lists, remediation commands and prioritized patch recommendations.


Software Audit API

The audit endpoints below replace the older burp endpoints.

Audit Multiple Software

Allows batch submission of multiple software entries. Each entry can be provided either as a raw CPE string or as a CPE object (with fields such as part, vendor, product, version, etc.). Additional attributes (like update, language, target_hw, etc.) may be included as needed.

Auth: X-Api-Key header required.

Parameters:

| Name | In | Type | Required | Description |
|---|---|---|---|---|
| software | body | array | yes | Array of software entries — either CPE objects (part/vendor/product/version/…) or raw CPE strings. |
| match | body | enum | no | partial (default) or full. full requires exact match for all provided fields. |
| fields | body | array | no | Which vulnerability fields to return (defaults: title, short_description, type, href, published, modified, ai_score) |
| catalog | body | enum | no | CPE catalog to match against. official (default) — only NVD CVE Dictionary CPEs. extended — NVD + Vulners custom CPEs (see note below). |

catalog: official vs extended

  • official — matches only CPEs published in the NVD CVE Dictionary. Strict and compatible with official CVE records; lowest false-positive rate.
  • extended — adds Vulners custom-built CPEs on top of the official set. Covers software, libraries, and versions that aren't represented in NVD (common for OS packages, JS/Python libs, niche vendors). Higher coverage, but may introduce false positives — use when NVD gaps matter more than strict precision.

Response schema:

The endpoint returns a JSON array with one entry per submitted software item:

| Field | Type | Description |
|---|---|---|
| input | object | Echo of the submitted software entry. |
| matched_criteria | string | Canonical CPE 2.3 string the input resolved to. |
| vulnerabilities | array[object] | Matched vulnerabilities (see below). Empty if no matches. |

Each item in vulnerabilities always carries id and reasons, plus any optional fields requested via fields.

reasons[] — why a vulnerability matched:

| Field | Type | Description |
|---|---|---|
| config | string | Source of the match rule (e.g. nvd). |
| criterias | array[array] | OR-groups of AND-conditions. Outer array = OR, inner = AND. |

Each inner criterion object:

| Field | Type | Description |
|---|---|---|
| criteria | string | CPE 2.3 string the input matched against. |
| vulnerable | boolean | Whether this CPE is flagged as vulnerable. |
| versionStartIncluding | string | Lower bound, inclusive. Range-based rules only. |
| versionStartExcluding | string | Lower bound, exclusive. Range-based rules only. |
| versionEndIncluding | string | Upper bound, inclusive. Range-based rules only. |
| versionEndExcluding | string | Upper bound, exclusive. Range-based rules only. |

Fields controlled by the fields parameter (returned only when listed in fields):

| Field | Type | In defaults | Description |
|---|---|---|---|
| title | string | yes | Advisory title. |
| short_description | string | yes | One-line advisory summary. |
| type | string | yes | Advisory source type (e.g. cve, nessus, osv). |
| href | string | yes | URL to the advisory on vulners.com. |
| published | string | yes | ISO 8601 publication timestamp. |
| modified | string | yes | ISO 8601 last-modified timestamp. |
| ai_score | object | yes | AI-derived severity: value, uncertainty (both 0–10). |
| metrics | object | no | CVSS/EPSS metrics (cvss, cvss3, epss, …). |
| exploitation | object | no | Wild exploitation: wildExploited, wildExploitedSources. |
| cvelist | array[string] | no | CVE IDs covered by the advisory. |
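
An added example (not part of the Vulners documentation or SDK) that walks the reasons[] structure described above: it renders each OR-group of AND-conditions as a readable rule and flags matches whose CPE target_sw differs from the platform the host actually runs. The helper names (parse_cpe23, describe, triage) and the expected_target_sw parameter are assumptions; the sample entries are trimmed from the Example 3 and Example 4 responses on this page.

```python
import re

# Attribute order of a CPE 2.3 formatted string after the "cpe:2.3:" prefix.
CPE_ATTRS = ("part", "vendor", "product", "version", "update", "edition",
             "language", "sw_edition", "target_sw", "target_hw", "other")
BOUNDS = (("versionStartIncluding", ">="), ("versionStartExcluding", ">"),
          ("versionEndIncluding", "<="), ("versionEndExcluding", "<"))


def parse_cpe23(cpe):
    """Split a CPE 2.3 string into attributes; short strings are padded with '*'."""
    if not cpe.startswith("cpe:2.3:"):
        raise ValueError(f"not a CPE 2.3 string: {cpe!r}")
    # A field is a run of escaped pairs (\x) or plain characters, so "\:" never splits.
    fields = re.findall(r"(?:\\.|[^:\\])+", cpe[len("cpe:2.3:"):])
    if len(fields) > len(CPE_ATTRS):
        raise ValueError(f"too many CPE fields: {cpe!r}")
    fields += ["*"] * (len(CPE_ATTRS) - len(fields))
    # Drop the quoting backslashes: woocommerce_pre\-orders -> woocommerce_pre-orders
    return {k: re.sub(r"\\(.)", r"\1", v) for k, v in zip(CPE_ATTRS, fields)}


def describe(cond):
    """Render one inner criterion, e.g. 'yoast:yoast_seo <= 20.4'."""
    cpe = parse_cpe23(cond["criteria"])
    rng = ", ".join(f"{op} {cond[key]}" for key, op in BOUNDS if key in cond)
    if not rng:  # exact-CPE rule without a version range
        exact = [cpe[a] for a in ("version", "update") if cpe[a] != "*"]
        rng = "== " + " ".join(exact) if exact else "any version"
    text = f"{cpe['vendor']}:{cpe['product']} {rng}"
    return text if cond.get("vulnerable", True) else text + " (not flagged vulnerable)"


def triage(entry, expected_target_sw=None):
    """Summarise every vulnerability of one audit result entry.

    'review' is set when the matched CPEs name a target_sw and none of them is
    the platform the host runs (expected_target_sw, a hypothetical parameter).
    """
    rows = []
    for vuln in entry["vulnerabilities"]:
        sources, groups, targets = set(), [], set()
        for reason in vuln["reasons"]:
            sources.add(reason["config"])
            for group in reason["criterias"]:                      # outer array: OR
                groups.append(" AND ".join(map(describe, group)))  # inner array: AND
                targets.update(parse_cpe23(c["criteria"])["target_sw"] for c in group)
        targets.discard("*")
        rows.append({
            "id": vuln["id"],
            "sources": sorted(sources),
            "rule": " OR ".join(dict.fromkeys(groups)),  # de-duplicate, keep order
            "target_sw": sorted(targets),
            "review": bool(expected_target_sw and targets
                           and expected_target_sw not in targets),
        })
    return rows


def _vuln(vid, *reasons):
    """Build one vulnerabilities[] item in the response shape documented above."""
    return {"id": vid, "reasons": [
        {"config": cfg, "criterias": [[dict(criteria=cpe, vulnerable=True, **bound)]]}
        for cfg, cpe, bound in reasons]}


# Sample entries trimmed from the Example 3 and Example 4 responses on this page.
YOAST = "cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:{}:*:*"
WOO = "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*"
SAMPLE_YOAST = {"vulnerabilities": [
    _vuln("PATCHSTACK:D15EC4814FA577180898B6C415B337D4",
          ("vulners", YOAST.format("typo3"), {"versionEndIncluding": "20.4"})),
    _vuln("CVE-2023-40680",
          ("nvd", YOAST.format("wordpress"), {"versionEndIncluding": "21.0"})),
    _vuln("CVE-2023-28775",
          ("nvd", YOAST.format("wordpress"), {"versionEndExcluding": "20.5"})),
]}
SAMPLE_WOO = {"vulnerabilities": [
    _vuln("CVE-2023-32793",
          ("nvd", WOO, {"versionEndIncluding": "2.0.0"}),
          ("vulners", WOO, {"versionEndIncluding": "2.0.0"})),
]}

if __name__ == "__main__":
    for row in triage(SAMPLE_YOAST, "wordpress") + triage(SAMPLE_WOO, "wordpress"):
        flag = "REVIEW" if row["review"] else "ok"
        print(f"{flag:6} {row['id']:45} {'+'.join(row['sources']):12} {row['rule']}")
```

A row marked for review is not necessarily a false positive; it means the matched CPE names a different target platform than the host and the advisory text should be read before the finding is ticketed.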

Usage:

Query:

POST /api/v4/audit/software

Example with software objects:

curl -X POST https://vulners.com/api/v4/audit/software -H "X-Api-Key: YOUR_API_KEY" -H "Content-Type: application/json" -d '{
    "software": [
        {
            "vendor": "ivanti",
            "product": "connect_secure",
            "version": "22.7",
            "update": "r2.4"
        },
        {
            "vendor": "sonicwall",
            "product": "SMA 200 firmware",
            "version": "10.2.1.5-34sv"
        }
    ],
    "match": "partial",
    "fields": ["title", "short_description"]
}'

Software

software (array of objects or strings): Each item is either:

  • An object, e.g.
{
  "part": "a",
  "vendor": "ivanti",
  "product": "connect_secure",
  "version": "22.7",
  "update": "r2.4"
}
  • A raw CPE string, e.g. cpe:2.3:a:ivanti:connect_secure:22.7:r2.4.

Additional attributes can also be included (e.g., update, language, target_hw) within the software objects; these are fully described in the CPE Usage in Vulners API section.

Example with raw CPE strings:

curl -X POST https://vulners.com/api/v4/audit/software -H "X-Api-Key: YOUR_API_KEY" -H "Content-Type: application/json" -d '{
    "software": [
        "cpe:2.3:a:ivanti:connect_secure:22.7:r2.4",
        "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.5-34sv"
    ],
    "match": "partial"
}'

Example with software objects:

vulners_api.audit.software(
    software=[
        {
            "part": "a",
            "vendor": "ivanti",
            "product": "connect_secure",
            "version": "22.7",
            "update": "r2.4"
        },
        {
            "vendor": "sonicwall",
            "product": "SMA 200 firmware",
            "version": "10.2.1.5-34sv"
        }
    ],
    fields=["title", "short_description"],
    match='partial'
)

Example with raw CPE strings:

vulners_api.audit.software(
    software=[
        "cpe:2.3:a:ivanti:connect_secure:22.3:sp1",
        "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.5-34sv"
    ],
    fields=["title", "short_description"],
    match='partial'
)

Response:

{
  "input": {
    "part": "a",
    "vendor": "ivanti",
    "product": "connect_secure",
    "update": "r2.4",
    "version": "22.7"
  },
  "matched_criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*",
  "vulnerabilities": [
    {
      "id": "CVE-2025-0282",
      "reasons": [
        {
          "config": "nvd",
          "criterias": [
            [
              {
                "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*",
                "vulnerable": true
              }
            ]
          ]
        }
      ],
      "title": "CVE-2025-0282",
      "short_description": "Stack-based buffer overflow in Ivanti Connect Secure allows remote code execution by attackers."
    },
    {
      "id": "CVE-2025-0283",
      "reasons": [
        {
          "config": "nvd",
          "criterias": [
            [
              {
                "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*",
                "vulnerable": true
              }
            ]
          ]
        }
      ],
      "title": "CVE-2025-0283",
      "short_description": "Stack buffer overflow in Ivanti products allows local attackers to escalate privileges before updates."
    }
  ]
},
{
  "input": {
    "vendor": "sonicwall",
    "product": "SMA 200 firmware",
    "version": "10.2.1.5-34sv"
  },
  "matched_criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.5-34sv:*:*:*:*:*:*:*",
  "vulnerabilities": [
    {
      "id": "CVE-2022-2915",
      "reasons": [
        {
          "config": "nvd",
          "criterias": [
            [
              {
                "criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*",
                "vulnerable": true,
                "versionEndIncluding": "10.2.1.5-34sv"
              }
            ]
          ]
        }
      ],
      "title": "CVE-2022-2915",
      "short_description": "A Heap-based Buffer Overflow vulnerability in SonicWall SMA100 appliance allows remote authenticated attacker to cause Denial of Service"
    },
    {
      "id": "CVE-2023-44221",
      "reasons": [
        {
          "config": "nvd",
          "criterias": [
            [
              {
                "criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*",
                "vulnerable": true,
                "versionEndIncluding": "10.2.1.9-57sv"
              }
            ]
          ]
        }
      ],
      "title": "CVE-2023-44221",
      "short_description": "Improper neutralization of special elements in SMA100 SSL-VPN management interface allows remote authenticated attacker to inject arbitrary commands"
    },
    {
      "id": "CVE-2023-5970",
      "reasons": [
        {
          "config": "nvd",
          "criterias": [
            [
              {
                "criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*",
                "vulnerable": true,
                "versionEndIncluding": "10.2.1.9-57sv"
              }
            ]
          ]
        }
      ],
      "title": "CVE-2023-5970",
      "short_description": " Improper authentication in SMA100 SSL-VPN allows remote attacker to create identical external domain user using accent characters, resulting in MFA bypass"
    },
    {
      "id": "CVE-2024-22395",
      "reasons": [
        {
          "config": "nvd",
          "criterias": [
            [
              {
                "criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*",
                "vulnerable": true,
                "versionEndExcluding": "10.2.1.11-65sv"
              }
            ]
          ]
        }
      ],
      "title": "CVE-2024-22395",
      "short_description": "Improper access control in SMA100 SSL-VPN virtual office portal"
    }
  ]
}

Audit Host

This is a method for scanning multiple layers in one request. (There is no direct predecessor in older burp endpoints.)

Allows you to specify multiple software items plus additional filtering criteria that narrow down vulnerabilities to those relevant for a host environment. In this endpoint, the parameters operating_system, hardware, and application serve as filters and are not treated as software entries. At least one filter parameter (operating_system or application) is required.

Auth: X-Api-Key header required.

Parameters:

| Name | In | Type | Required | Description |
|---|---|---|---|---|
| software | body | array | yes | Array of software entries — either CPE objects (part/vendor/product/version/…) or raw CPE strings. |
| operating_system | body | object/string | conditional | OS filter (CPE or object). At least one of operating_system or application is required. |
| application | body | object/string | conditional | Application filter (e.g., WordPress) — used to limit results to application context. |
| hardware | body | object/string | no | Hardware/environment filter (CPE string or object). Use to narrow matches by target hardware/platform when applicable. |
| match | body | enum | no | partial (default) or full. full requires exact match for all provided fields. |
| fields | body | array | no | Which vulnerability fields to return (defaults: title, short_description, type, href, published, modified, ai_score) |
| catalog | body | enum | no | CPE catalog to match against: official (default, NVD only) or extended (NVD + Vulners custom CPEs). See catalog behavior under /audit/software for the trade-off. |

Important

For Audit Host, it is required to include at least one filter parameter (operating_system or application). These filters ensure that vulnerabilities are returned only for the host environment (based on OS, hardware, and/or application) and not for all provided software entries.

Response shape

The response shape is identical to /audit/software — an array of { input, matched_criteria, vulnerabilities[] }. The same fields parameter controls which optional vulnerability fields (metrics, exploitation, cvelist, …) are included. See the Response schema block under /audit/software for the full breakdown of reasons[] and the fields-gated properties.

Example 1: Windows + .NET

Scenario: This scenario sets Windows 10/11 as the operating system, and .NET Framework 4.8 as installed software.

Usage:

Query:

POST /api/v4/audit/host

Query example:

curl -X POST https://vulners.com/api/v4/audit/host \
     -H "Content-Type: application/json" \
     -H "X-Api-Key: YOUR_API_KEY" \
     -d '{
       "software": [
         {
           "part": "a",
           "vendor": "microsoft",
           "product": ".net_framework",
           "version": "3.6"
         },
         {
           "part": "a",
           "vendor": "microsoft",
           "product": ".net_framework",
           "version": "4.8.1"
         }
       ],
       "operating_system": {
         "part": "o",
         "vendor": "microsoft",
         "product": "windows_server_2022_23h2"
       },
       "fields": ["title", "short_description"]
     }'

Notes on the request body:

  1. software (array of objects or strings): Each item is either:

    • An object, e.g.
    {
      "part": "a",
      "vendor": "ivanti",
      "product": "connect_secure",
      "version": "22.7",
      "update": "r2.4"
    }

    • A raw CPE string, e.g. cpe:2.3:a:ivanti:connect_secure:22.7:r2.4.

    Additional attributes can also be included (e.g., update, language, target_hw) within the software objects; these are fully described in the CPE Usage in Vulners API section.

  2. Host filters:

    • operating_system (object | string): OS-level software. Either a CPE string such as cpe:2.3:o:microsoft:windows_10:21h2 or an object with separate fields.
    • application (object | string): Specifies a top-level application. This parameter is used as an additional filter and ensures that the returned vulnerabilities are not solely for software items. At least one of operating_system or application must be provided.

  3. fields: List of fields to retrieve for each vulnerability. If not specified, the default fields are used. Descriptions of the fields can be found in the default fields section.

    • Defaults: "title", "short_description", "type", "href", "published", "modified", "ai_score"
    • Available to include: "metrics", "exploitation", "cvelist".

vulners_api.audit.host(
    software=[
      {
        "part": "a",
        "vendor": "microsoft",
        "product": ".net_framework",
        "version": "3.6"
      },
      {
        "part": "a",
        "vendor": "microsoft",
        "product": ".net_framework",
        "version": "4.8.1"
      }
    ],
    operating_system={
      "part": "o",
      "vendor": "microsoft",
      "product": "windows_server_2022_23h2"
    },
    fields=[
      "title",
      "short_description"
    ],
    match="partial"
)

Response:

[
  {
    "input": {
      "part": "a",
      "vendor": "microsoft",
      "product": ".NET Framework",
      "version": "3.6"
    },
    "matched_criteria": "cpe:2.3:a:microsoft:.net_framework:3.6:*:*:*:*:*:*:*",
    "vulnerabilities": []
  },
  {
    "input": {
      "part": "a",
      "vendor": "microsoft",
      "product": ".net_framework",
      "version": "4.8.1"
    },
    "matched_criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
    "vulnerabilities": [
      {
        "id": "CVE-2024-0056",
        "title": "CVE-2024-0056",
        "short_description": "CVE-2024-0056 Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass ..."
      },
      {
        "id": "CVE-2024-0057",
        "title": "CVE-2024-0057",
        "short_description": "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability"
      },
      {
        "...": "... other vulnerabilities truncated ..."
      }
    ]
  }
]

Example 2: Linux + Curl/SSH

Scenario: This scenario sets Red Hat Enterprise Linux as the OS, plus two installed packages (curl and OpenSSH).

Usage:

Query:

POST /api/v4/audit/host

Query example:

curl -X POST https://vulners.com/api/v4/audit/host -H "X-Api-Key: YOUR_API_KEY" -H 'Content-Type: application/json' -d '{
    "software": [
      {
          "part": "a",
          "vendor": "haxx",
          "product": "libcurl",
          "version": "8.8"
      },
      {
          "part": "a",
          "vendor": "openbsd",
          "product": "openssh",
          "version": "8.5"
      }
    ],
    "operating_system": {
      "part": "o",
      "vendor": "redhat",
      "product": "enterprise_linux",
      "version": "9.4"
    },
    "fields": [
      "title",
      "short_description"
    ],
    "match": "partial"
}'

match values:

    • "partial" (default): Relaxed matching. For example, if update or target_hw is not specified, vulnerabilities can still match partial criteria.
    • "full": Strict matching. All specified attributes must match exactly (including update, language, etc.). If any field (like target_hw) is missing in the vulnerability listing or in your request, it won’t match.

vulners_api.audit.host(
    software=[
      {
          "part": "a",
          "vendor": "haxx",
          "product": "libcurl",
          "version": "8.8"
      },
      {
          "part": "a",
          "vendor": "openbsd",
          "product": "openssh",
          "version": "8.5"
      }
    ],
    operating_system={
      "part": "o",
      "vendor": "redhat",
      "product": "enterprise_linux",
      "version": "9.4"
    },
    fields=[
      "title",
      "short_description"
    ],
    match="partial"
)

Response:

[
  {
    "input": {
      "part": "a",
      "vendor": "haxx",
      "product": "libcurl",
      "version": "8.8"
    },
    "matched_criteria": "cpe:2.3:a:haxx:libcurl:8.8:*:*:*:*:*:*:*",
    "vulnerabilities": [
      {
        "id": "CVE-2024-6874",
        "title": "CVE-2024-6874",
        "short_description": "CVE-2024-6874 macidn punycode buffer overread in libcurl url function"
      },
      {
        "id": "CVE-2024-7264",
        "title": "CVE-2024-7264",
        "short_description": "libcurl ASN1 parser `GTime2str()` function vulnerability"
      },
      {
        "...": "... other vulnerabilities truncated ..."
      }
    ]
  },
  {
    "input": {
      "part": "a",
      "vendor": "openbsd",
      "product": "openssh",
      "version": "8.5"
    },
    "matched_criteria": "cpe:2.3:a:openbsd:openssh:8.5:*:*:*:*:*:*:*",
    "vulnerabilities": [
      {
        "id": "CVE-2024-6387",
        "title": "CVE-2024-6387",
        "short_description": "Security regression in OpenSSH server (sshd). Race condition ..."
      },
      {
        "id": "CVE-2020-14145",
        "title": "CVE-2020-14145",
        "short_description": "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy ..."
      },
      {
        "...": "... other vulnerabilities truncated ..."
      }
    ]
  }
]

Example 3: WordPress + Plugin

Scenario: This scenario sets WordPress as the application filter plus a Yoast SEO plugin as installed software.

Usage:

Query:

POST /api/v4/audit/host

Query example:

curl -X POST https://vulners.com/api/v4/audit/host -H "X-Api-Key: YOUR_API_KEY" -H "Content-Type: application/json" -d '{
    "software": [
      {
        "part": "a",
        "vendor": "yoast",
        "product": "yoast seo",
        "version": "3.4"
      }
    ],
    "application": {
      "part": "a",
      "vendor": "wordpress",
      "product": "wordpress"
    },
    "fields": ["title", "short_description"]
}'

vulners_api.audit.host(
    software=[
      {
        "part": "a",
        "vendor": "yoast",
        "product": "yoast seo",
        "version": "20.4"
      }
    ],
    application={
      "part": "a",
      "vendor": "wordpress",
      "product": "wordpress"
    },
    fields=[
      "title",
      "short_description"
    ],
    match="partial"
)

Response:

{
  "input": {
    "part": "a",
    "vendor": "yoast",
    "product": "yoast seo",
    "version": "20.4"
  },
  "matched_criteria": "cpe:2.3:a:yoast:yoast_seo:20.4:*:*:*:*:*:*:*",
  "vulnerabilities": [
    {
      "id": "PATCHSTACK:D15EC4814FA577180898B6C415B337D4",
      "reasons": [
        {
          "config": "vulners",
          "criterias": [
            [
              {
                "criteria": "cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:typo3:*:*",
                "vulnerable": true,
                "versionEndIncluding": "20.4"
              }
            ]
          ]
        }
      ],
      "title": "WordPress Yoast SEO Premium Plugin <= 20.4 is vulnerable to Broken Access Control",
      "short_description": "WordPress Yoast SEO Premium Plugin <= 20.4 vulnerability: Broken Access Control"
    },
    {
      "id": "CVE-2023-40680",
      "reasons": [
        {
          "config": "nvd",
          "criterias": [
            [
              {
                "criteria": "cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:wordpress:*:*",
                "vulnerable": true,
                "versionEndIncluding": "21.0"
              }
            ]
          ]
        }
      ],
      "title": "CVE-2023-40680",
      "short_description": "CVE-2023-40680: Stored XSS in Team Yoast Yoast SEO"
    },
    {
      "id": "CVE-2023-28775",
      "reasons": [
        {
          "config": "nvd",
          "criterias": [
            [
              {
                "criteria": "cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:wordpress:*:*",
                "vulnerable": true,
                "versionEndExcluding": "20.5"
              }
            ]
          ]
        }
      ],
      "title": "CVE-2023-28775",
      "short_description": "Yoast SEO Premium Missing Authorization Vulnerability"
    },
    {
      "id": "CVE-2024-4041",
      "reasons": [
        {
          "config": "vulners",
          "criterias": [
            [
              {
                "criteria": "cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:wordpress:*:*",
                "vulnerable": true,
                "versionEndIncluding": "22.5"
              }
            ]
          ]
        }
      ],
      "title": "CVE-2024-4041",
      "short_description": "The Yoast SEO plugin for WordPress has Reflected Cross-Site Scripting vulnerability"
    },
    {
      "id": "CVE-2024-4984",
      "reasons": [
        {
          "config": "vulners",
          "criterias": [
            [
              {
                "criteria": "cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:wordpress:*:*",
                "vulnerable": true,
                "versionEndIncluding": "22.6"
              }
            ]
          ]
        }
      ],
      "title": "CVE-2024-4984",
      "short_description": "Yoast SEO plugin vulnerability allows injection of arbitrary web script"
    }
  ]
}

Example 4: WordPress + Plugin + Linux

Scenario: This scenario sets Debian Linux as operating_system, WordPress as application, and a popular plugin (Woocommerce Pre-Orders) as installed software.

Usage:

Query:

POST /api/v4/audit/host

Query example:

curl -X POST https://vulners.com/api/v4/audit/host -H "X-Api-Key: YOUR_API_KEY" -H 'Content-Type: application/json' -d '{
    "software": [
      {
        "part": "a",
        "vendor": "woocommerce",
        "product": "woocommerce_pre-orders",
        "version": "2.0"
      }
    ],
    "operating_system": {
      "part": "o",
      "vendor": "debian",
      "product": "debian_linux",
      "version": "11"
    },
    "application": {
      "part": "a",
      "vendor": "wordpress",
      "product": "wordpress"
    },
    "fields": [
      "title",
      "short_description"
    ],
    "match": "partial"
}'

vulners_api.audit.host(
    software=[
      {
          "part": "a",
          "vendor": "woocommerce",
          "product": "woocommerce_pre-orders",
          "version": "2.0"
      }
    ],
    operating_system={
      "part": "o",
      "vendor": "debian",
      "product": "debian_linux",
      "version": "11"
    },
    application={
      "part": "a",
      "vendor": "wordpress",
      "product": "wordpress"
    },
    fields=[
      "title",
      "short_description"
    ],
    match="partial"
)

Response:

[
  {
    "input": {
      "part": "a",
      "vendor": "woocommerce",
      "product": "woocommerce_pre-orders",
      "version": "2.0"
    },
    "matched_criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:2.0:*:*:*:*:*:*:*",
    "vulnerabilities": [
      {
        "id": "CVE-2023-32793",
        "reasons": [
          {
            "config": "nvd",
            "criterias": [
              [
                {
                  "criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
                  "vulnerable": true,
                  "versionEndIncluding": "2.0.0"
                }
              ]
            ]
          },
          {
            "config": "vulners",
            "criterias": [
              [
                {
                  "criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
                  "vulnerable": true,
                  "versionEndIncluding": "2.0.0"
                }
              ]
            ]
          }
        ],
        "title": "CVE-2023-32793",
        "short_description": "Auth. Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <=\u00a02.0.0 versions"
      },
      {
        "id": "PATCHSTACK:E2F81C0D4E183BAF40E850AA31186ED1",
        "reasons": [
          {
            "config": "vulners",
            "criterias": [
              [
                {
                  "criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
                  "vulnerable": true,
                  "versionEndIncluding": "2.0.0"
                }
              ]
            ]
          }
        ],
        "title": "WordPress WooCommerce Pre-Orders Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)",
        "short_description": "WordPress WooCommerce Pre-Orders Plugin <= 2.0.0 Cross-Site Scripting Vulnerability. Low Severit"
      },
      {
        "id": "CVE-2023-3507",
        "reasons": [
          {
            "config": "nvd",
            "criterias": [
              [
                {
                  "criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
                  "vulnerable": true,
                  "versionEndExcluding": "2.0.3"
                }
              ]
            ]
          },
          {
            "config": "vulners",
            "criterias": [
              [
                {
                  "criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
                  "vulnerable": true,
                  "versionEndExcluding": "2.0.3"
                }
              ]
            ]
          }
        ],
        "title": "CVE-2023-3507",
        "short_description": "The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-order"
      },
      {
        "id": "CVE-2023-3508",
        "reasons": [
          {
            "config": "nvd",
            "criterias": [
              [
                {
                  "criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
                  "vulnerable": true,
                  "versionEndExcluding": "2.0.3"
                }
              ]
            ]
          },
          {
            "config": "vulners",
            "criterias": [
              [
                {
                  "criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
                  "vulnerable": true,
                  "versionEndExcluding": "2.0.3"
                }
              ]
            ]
          }
        ],
        "title": "CVE-2023-3508",
        "short_description": " WooCommerce Pre-Orders WordPress plugin 2.0.3 CSRF vulnerability"
      },
      {
        "id": "WPVDB-ID:C431878C-8BCA-4688-9C6B-1C9E871A6A7B",
        "reasons": [
          {
            "config": "vulners",
            "criterias": [
              [
                {
                  "criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
                  "vulnerable": true,
                  "versionEndExcluding": "2.0.2"
                }
              ]
            ]
          }
        ],
        "title": "WooCommerce Pre-Orders < 2.0.2 - Reflected XSS",
        "short_description": "WooCommerce Pre-Orders plugin < 2.0.2 - Reflected XSS, unescaped URLs in attribute"
      },
      {
        "id": "WPVDB-ID:064C7ACB-DB57-4537-8A6D-32F7EA31C738",
        "reasons": [
          {
            "config": "vulners",
            "criterias": [
              [
                {
                  "criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
                  "vulnerable": true,
                  "versionEndExcluding": "2.0.3"
                }
              ]
            ]
          }
        ],
        "title": "WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF",
        "short_description": "Flawed CSRF check in WooCommerce Pre-Orders < 2.0.3 allows unauthorized actions"
      },
      {
        "id": "WPVDB-ID:E72BBE9B-E51D-40AB-820D-404E0CB86EE6",
        "reasons": [
          {
            "config": "vulners",
            "criterias": [
              [
                {
                  "criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
                  "vulnerable": true,
                  "versionEndExcluding": "2.0.3"
                }
              ]
            ]
          }
        ],
        "title": "WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF",
        "short_description": "WooCommerce Pre-Orders < 2.0.3 flawed CSRF allows arbitrary pre-order canceling"
      },
      {
        "id": "WPVDB-ID:A86BDCFB-A1DB-4775-8F30-8EEC3F53A77A",
        "reasons": [
          {
            "config": "vulners",
            "criterias": [
              [
                {
                  "criteria": "cpe:2.3:a:woocommerce:woocommerce_pre\\-orders:*:*:*:*:*:wordpress:*:*",
                  "vulnerable": true,
                  "versionEndExcluding": "2.0.1"
                }
              ]
            ]
          }
        ],
        "title": "WooCommerce Pre-Orders < 2.0.1 - Contributor+ Stored XSS",
        "short_description": "WooCommerce Pre-Orders plugin vulnerability Stored XSS"
      }
    ]
  }
]

Deprecated Endpoints

Deprecated

The following endpoints remain operational for now but are slated for future removal:

  • POST /api/v3/burp/softwareapi/
  • POST /api/v3/burp/packages/

Use the new /api/v4/audit/ endpoints instead:

  • POST /api/v4/audit/software
  • POST /api/v4/audit/host

Package Audit API

The Package Audit API processes dependency lists from your project's package manager output and cross-references them against Vulners' vulnerability database. It identifies vulnerable packages, suggests fixed versions, and lists applicable advisories with version match ranges.

Supported package managers:

| Manager | Endpoint | Input format | Example input source |
|---|---|---|---|
| Maven | /api/v4/audit/package/maven | Maven dependency list (text/plain) | mvn dependency:list |
| Pip | /api/v4/audit/package/pip | Pip freeze output (text/plain) | pip freeze |
| Poetry | /api/v4/audit/package/poetry | Poetry lock file content (text/plain) | cat poetry.lock |
| NPM | /api/v4/audit/package/npm | package-lock.json content (text/plain) | cat package-lock.json |
| Golang | /api/v4/audit/package/golang | Go modules list (text/plain) | go list -m all |

Response format:

All endpoints return a consistent JSON structure:

  • result.issues: Array of vulnerable packages. Each issue contains:
      • package: Package name
      • version: Current version
      • fixedVersion: Recommended safe version
      • scopes: Dependency scopes (e.g., "test", "main")
      • applicableAdvisories: Matching vulnerabilities with IDs and version ranges

If no issues are found, issues is an empty array.

Auth: X-Api-Key header required.
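
An added example (not Vulners code) of consuming result.issues as a build gate: it blocks only on the dependency scopes you ship, re-checks each advisory range against the installed version, and confirms that fixedVersion falls outside every range. The function names, the blocking_scopes parameter and the simplified numeric version ordering are assumptions; the sample response combines the Maven and Pip results shown on this page.

```python
import operator
import re
import sys

_OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt,
        "<": operator.lt, "==": operator.eq, "=": operator.eq}


def _key(version, width=6):
    """Ordering key for plain dotted release versions.

    Assumption: numeric components only. Pre-release or epoch tags need the
    ecosystem's own comparator (e.g. packaging.version for pip).
    """
    nums = [int(n) for n in re.findall(r"\d+", version)]
    return tuple(nums + [0] * (width - len(nums)))


def in_range(version, match):
    """True when version satisfies every comma-separated constraint,
    e.g. '>=4.7,<4.13.1' as returned in applicableAdvisories[].match."""
    for constraint in match.split(","):
        m = re.fullmatch(r"\s*(>=|<=|==|>|<|=)\s*(\S+)\s*", constraint)
        if not m:
            raise ValueError(f"unsupported constraint: {constraint!r}")
        if not _OPS[m.group(1)](_key(version), _key(m.group(2))):
            return False
    return True


def gate(response, blocking_scopes=("main",)):
    """Split result.issues into build-blocking and informational findings."""
    blocking, informational = [], []
    for issue in response["result"]["issues"]:
        advisories = issue["applicableAdvisories"]
        fixed = issue.get("fixedVersion")
        finding = {
            "package": issue["package"],
            "installed": issue["version"],
            "upgrade_to": fixed,
            # Advisories whose range really contains the installed version.
            "advisories": [a["id"] for a in advisories
                           if in_range(issue["version"], a["match"])],
            # The suggested version must fall outside every advisory range.
            "fix_clears_all": bool(fixed) and not any(
                in_range(fixed, a["match"]) for a in advisories),
        }
        # Fail closed: an issue without scopes is treated as shipped code.
        scopes = set(issue.get("scopes") or blocking_scopes)
        (blocking if scopes & set(blocking_scopes) else informational).append(finding)
    return blocking, informational


# Sample response assembled from the Maven and Pip results on this page.
SAMPLE_RESPONSE = {"result": {"issues": [
    {"package": "junit:junit", "version": "4.12", "fixedVersion": "4.13.1",
     "scopes": ["test"],
     "applicableAdvisories": [
         {"id": "OSV:GHSA-269G-PWP5-87PP", "match": ">=4.7,<4.13.1"}]},
    {"package": "notebook", "version": "4.2.0", "fixedVersion": "6.1.5",
     "scopes": ["main"],
     "applicableAdvisories": [
         {"id": "OSV:PYSEC-2018-17", "match": ">=0,<5.7.1"},
         {"id": "OSV:PYSEC-2018-18", "match": ">=0,<5.7.2"},
         {"id": "OSV:PYSEC-2020-215", "match": ">=0,<6.1.5"}]},
]}}

if __name__ == "__main__":
    blocking, informational = gate(SAMPLE_RESPONSE)
    for f in blocking:
        print(f"BLOCK {f['package']} {f['installed']} -> {f['upgrade_to']} "
              f"({', '.join(f['advisories'])})")
    for f in informational:
        print(f"info  {f['package']} {f['installed']} -> {f['upgrade_to']}")
    sys.exit(1 if blocking else 0)
```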

Maven audit

Usage:

Query:

POST /api/v4/audit/package/maven

Example:

curl -XPOST https://vulners.com/api/v4/audit/package/maven \
     -H "X-Api-Key: YOUR_API_KEY" \
     -H "Content-Type: text/plain" \
     -d "$(mvn -B -q dependency:list -DoutputFile=/dev/stdout)"

{
    "result": {
        "issues": [
            {
                "package": "junit:junit",
                "version": "4.12",
                "fixedVersion": "4.13.1",
                "scopes": [
                    "test"
                ],
                "applicableAdvisories": [
                    {
                        "id": "OSV:GHSA-269G-PWP5-87PP",
                        "match": ">=4.7,<4.13.1"
                    }
                ]
            }
        ]
    }
}

Pip audit

Usage:

Query:

POST /api/v4/audit/package/pip

Example:

curl -XPOST https://vulners.com/api/v4/audit/package/pip \
     -H "X-Api-Key: YOUR_API_KEY" \
     -H "Content-Type: text/plain" \
     -d "$(pip freeze)"

{
    "result": {
        "issues": [
            {
                "package": "notebook",
                "version": "4.2.0",
                "fixedVersion": "6.1.5",
                "scopes": [
                    "main"
                ],
                "applicableAdvisories": [
                    {
                        "id": "OSV:PYSEC-2018-17",
                        "match": ">=0,<5.7.1"
                    },
                    {
                        "id": "OSV:PYSEC-2018-18",
                        "match": ">=0,<5.7.2"
                    },
                    {
                        "id": "OSV:PYSEC-2020-215",
                        "match": ">=0,<6.1.5"
                    }
                ]
            }
        ]
    }
}

Poetry/uv audit

Usage:

Query:

POST /api/v4/audit/package/poetry

Example:

curl -XPOST https://vulners.com/api/v4/audit/package/poetry \
     -H "X-Api-Key: YOUR_API_KEY" \
     -H "Content-Type: text/plain" \
     -d "$(cat poetry.lock)"

{
    "result": {
        "issues": [
            {
                "package": "notebook",
                "version": "4.2.0",
                "fixedVersion": "6.1.5",
                "scopes": [
                    "main"
                ],
                "applicableAdvisories": [
                    {
                        "id": "OSV:PYSEC-2018-17",
                        "match": ">=0,<5.7.1"
                    },
                    {
                        "id": "OSV:PYSEC-2018-18",
                        "match": ">=0,<5.7.2"
                    },
                    {
                        "id": "OSV:PYSEC-2020-215",
                        "match": ">=0,<6.1.5"
                    }
                ]
            }
        ]
    }
}

Query:

POST /api/v4/audit/package/uv

Example:

curl -XPOST https://vulners.com/api/v4/audit/package/uv \
     -H "X-Api-Key: YOUR_API_KEY" \
     -H "Content-Type: text/plain" \
     -d "$(cat uv.lock)"

{
    "result": {
        "issues": [
            {
                "package": "notebook",
                "version": "4.2.0",
                "fixedVersion": "6.1.5",
                "scopes": [
                    "main"
                ],
                "applicableAdvisories": [
                    {
                        "id": "OSV:PYSEC-2018-17",
                        "match": ">=0,<5.7.1"
                    },
                    {
                        "id": "OSV:PYSEC-2018-18",
                        "match": ">=0,<5.7.2"
                    },
                    {
                        "id": "OSV:PYSEC-2020-215",
                        "match": ">=0,<6.1.5"
                    }
                ]
            }
        ]
    }
}

Npm audit

Usage:

Query:

POST /api/v4/audit/package/npm

Example:

curl -XPOST https://vulners.com/api/v4/audit/package/npm \
     -H "X-Api-Key: YOUR_API_KEY" \
     -H "Content-Type: text/plain" \
     -d "$(cat package-lock.json)"

{
    "result": {
        "issues": [
            {
                "package": "@babel/helpers",
                "version": "7.26.0",
                "fixedVersion": "7.26.10",
                "scopes": [
                    "main"
                ],
                "applicableAdvisories": [
                    {
                        "id": "OSV:GHSA-968P-4WVH-CQC8",
                        "match": ">=0,<7.26.10"
                    }
                ]
            },
            {
                "package": "nuxt",
                "version": "3.15.2",
                "fixedVersion": "3.19.0",
                "scopes": [
                    "main"
                ],
                "applicableAdvisories": [
                    {
                        "id": "SNYK:JS-NUXT-12878602",
                        "match": ">=3.6.0,<3.19.0"
                    }
                ]
            }
        ]
    }
}

Golang audit

Usage:

Query:

POST /api/v4/audit/package/golang

Example:

curl -XPOST https://vulners.com/api/v4/audit/package/golang \
     -H "X-Api-Key: YOUR_API_KEY" \
     -H "Content-Type: text/plain" \
     -d "$(go list -m all)"

{
    "result": {
        "issues": [
        ]
    }
}

SBOM Audit

Audit software components from an uploaded SBOM (Software Bill of Materials). Vulners parses the SBOM, extracts components, matches them to known packages/versions, and returns applicable advisories enriched with CVSS/EPSS/AI scoring when available.

Auth: X-Api-Key header required.

Content-Type: multipart/form-data
Form field: file (SBOM JSON)

Supported formats

  • SPDX (v2.x) — JSON
  • CycloneDX (v1.x) — JSON

Parameters

| Name | In | Type | Required | Description |
|---|---|---|---|---|
| file | form | file | yes | SBOM file in SPDX/CycloneDX JSON. |

Response schema:

Each entry in result.data describes one component extracted from the SBOM:

| Field | Type | Description |
|---|---|---|
| package | string | Component name. |
| version | string | Component version reported by the SBOM. |
| fixedVersion | string \| null | Latest known fixed version, if any. |
| applicableAdvisories | array[object] | Matching advisories (see below). Empty array if none. |

Each advisory in applicableAdvisories:

| Field | Type | Description |
|---|---|---|
| id | string | Advisory identifier (e.g. OSV:..., USN-..., DSA-...). |
| match | string | Version range that matched (e.g. >=3.11.0,<3.11.5). |
| registry | string | Package registry: deb, apk, rpm, maven, pypi, bitnami, … |
| distro | array[string] \| null | OS distribution scope, e.g. ["ubuntu", "ubuntu-22.04"]. |
| arch | array[string] \| null | Architectures, e.g. ["amd64", "arm64"]. |
| classifier | array[string] \| null | Ubuntu-only labels — see note below. |
| type | string | Advisory source type (e.g. osv, ubuntu, debian). |
| title | string | Short advisory title. |
| description | string | Advisory description. |
| published | string | ISO 8601 publication timestamp. |
| epss | array[object] | Per-CVE EPSS entries: cve, epss, percentile, date. |
| aiScore | object | AI-derived severity: value, uncertainty. |
| metrics | object | CVSS/EPSS metrics for the advisory. |
| exploitation | object | Wild exploitation: wildExploited, wildExploitedSources. |
| references | array[string] | Advisory reference URLs. |
| cvelist | array[string] | CVE IDs covered by this advisory. |

distro, arch, and classifier are null when the advisory isn't scoped that way (non-OS advisories, architecture-agnostic advisories, non-Ubuntu advisories). The classifier field is currently only populated for Ubuntu advisories, with values drawn from candidate, unofficial, transitive.

Usage:

Query:

POST /api/v4/audit/sbom

Example:

curl -X POST "https://vulners.com/api/v4/audit/sbom" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "Accept: application/json" \
  -F "file=@/path/to/sbom.json"

Replace YOUR_API_KEY with your Vulners API key and /path/to/sbom.json with the path to your SBOM file.

On success, the endpoint returns a JSON object with a result envelope containing the matched components under data, plus a summaryId and totalPackages count. Components with no matches are returned with an empty applicableAdvisories array.

{
  "result": {
    "data": [
      {
        "package": "python",
        "version": "3.11.4",
        "fixedVersion": "3.15.0",
        "applicableAdvisories": [
          {
            "id": "OSV:BIT-PYTHON-2023-41105",
            "match": ">=3.11.0,<3.11.5",
            "registry": "bitnami",
            "distro": null,
            "arch": null,
            "classifier": null,
            "type": "osv",
            "title": "BIT-PYTHON-2023-41105",
            "description": "An issue was discovered in Python 3.11 through 3.11.4 ...",
            "published": "2024-10-04T16:35:59",
            "epss": [
              {
                "cve": "CVE-2023-41105",
                "epss": 0.00363,
                "percentile": 0.57892,
                "date": "2026-02-27"
              }
            ],
            "aiScore": {
              "value": 7.3,
              "uncertainty": 0.2
            },
            "metrics": {
              "cvss": {
                "score": 7.5,
                "severity": "HIGH",
                "version": "3.1",
                "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "source": "nvd"
              },
              "epss": ["CVE-2023-41105"]
            },
            "exploitation": {
              "wildExploited": false,
              "wildExploitedSources": []
            },
            "references": [
              "https://nvd.nist.gov/vuln/detail/CVE-2023-41105"
            ],
            "cvelist": ["CVE-2023-41105"]
          },
          {
            "id": "USN-6891-1",
            "match": "<3.11.6-0ubuntu1",
            "registry": "deb",
            "distro": ["ubuntu", "ubuntu-22.04"],
            "arch": ["amd64", "arm64"],
            "classifier": ["candidate", "transitive"],
            "type": "ubuntu",
            "title": "Python vulnerabilities",
            "description": "Several issues were fixed in Python.",
            "published": "2024-06-20T00:00:00",
            "epss": [],
            "aiScore": { "value": 6.8, "uncertainty": 0.4 },
            "metrics": {
              "cvss": {
                "score": 7.5,
                "severity": "HIGH",
                "version": "3.1",
                "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "source": "ubuntu"
              },
              "epss": []
            },
            "exploitation": {
              "wildExploited": false,
              "wildExploitedSources": []
            },
            "references": [
              "https://ubuntu.com/security/notices/USN-6891-1"
            ],
            "cvelist": ["CVE-2023-41105"]
          }
        ]
      },
      {
        "package": "Simple Launcher",
        "version": "1.1.0.14",
        "fixedVersion": null,
        "applicableAdvisories": []
      }
    ],
    "summaryId": "8e46a7a2c5943fe9914369e20a54c615",
    "totalPackages": 8
  }
}

Errors

  • 401 Unauthorized — missing/invalid X-Api-Key.
  • 403 Forbidden — IP not allowed or insufficient license scope.
  • 400 Bad Request — invalid/unsupported SBOM format or malformed JSON.

Best practices

  • Validate SPDX/CycloneDX JSON before upload.
  • Include PURLs and consistent package identifiers to improve matching.
  • Use metrics.cvss and epss to prioritize remediation.
  • Narrow results by registry, distro, and arch when audit output covers multiple ecosystems; use classifier to filter Ubuntu-specific labels (candidate, unofficial, transitive).
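The triage described in the best practices above, applied to an SBOM audit response: advisories are narrowed by registry, distro, arch and classifier, then ranked by wild exploitation, CVSS score and highest EPSS value. This is an added example, not Vulners' own code; the function names, the ranking order and the sample (trimmed from the example response on this page) are assumptions.

```python
import json

# Constructed sample: the example response on this page, trimmed to the
# fields the triage below reads.
SAMPLE_RESPONSE = json.loads("""
{"result": {"data": [
  {"package": "python", "version": "3.11.4", "fixedVersion": "3.15.0",
   "applicableAdvisories": [
     {"id": "OSV:BIT-PYTHON-2023-41105", "registry": "bitnami",
      "distro": null, "arch": null, "classifier": null,
      "epss": [{"cve": "CVE-2023-41105", "epss": 0.00363}],
      "metrics": {"cvss": {"score": 7.5, "severity": "HIGH"}},
      "exploitation": {"wildExploited": false},
      "cvelist": ["CVE-2023-41105"]},
     {"id": "USN-6891-1", "registry": "deb",
      "distro": ["ubuntu", "ubuntu-22.04"], "arch": ["amd64", "arm64"],
      "classifier": ["candidate", "transitive"],
      "epss": [],
      "metrics": {"cvss": {"score": 7.5, "severity": "HIGH"}},
      "exploitation": {"wildExploited": false},
      "cvelist": ["CVE-2023-41105"]}]},
  {"package": "Simple Launcher", "version": "1.1.0.14", "fixedVersion": null,
   "applicableAdvisories": []}],
 "summaryId": "8e46a7a2c5943fe9914369e20a54c615", "totalPackages": 8}}
""")


def in_scope(adv, registry=None, distro=None, arch=None, drop_classifiers=()):
    """Return True if the advisory applies to the requested scope.

    A null distro/arch means the advisory is not scoped that way, so it is
    kept rather than filtered out.
    """
    if registry and adv.get("registry") != registry:
        return False
    if distro and adv.get("distro") is not None and distro not in adv["distro"]:
        return False
    if arch and adv.get("arch") is not None and arch not in adv["arch"]:
        return False
    labels = adv.get("classifier") or []          # null for non-Ubuntu advisories
    return not any(label in drop_classifiers for label in labels)


def priority_key(adv):
    """Sort key: exploited in the wild first, then CVSS score, then max EPSS."""
    exploited = bool((adv.get("exploitation") or {}).get("wildExploited"))
    cvss = ((adv.get("metrics") or {}).get("cvss") or {}).get("score") or 0.0
    epss = max((e.get("epss", 0.0) for e in adv.get("epss") or []), default=0.0)
    return (exploited, cvss, epss)


def triage(response, **scope):
    """Flatten result.data into one row per in-scope advisory, highest priority first."""
    rows = []
    for comp in response["result"]["data"]:
        for adv in comp.get("applicableAdvisories", []):
            if in_scope(adv, **scope):
                rows.append({
                    "package": comp["package"],
                    "version": comp["version"],
                    "fixedVersion": comp.get("fixedVersion"),
                    "id": adv["id"],
                    "cves": adv.get("cvelist", []),
                    "key": priority_key(adv),
                })
    rows.sort(key=lambda row: row["key"], reverse=True)
    return rows


def unmatched_components(response):
    """Components returned with an empty applicableAdvisories array."""
    return [f'{c["package"]} {c["version"]}' for c in response["result"]["data"]
            if not c.get("applicableAdvisories")]


if __name__ == "__main__":
    for row in triage(SAMPLE_RESPONSE, drop_classifiers=("candidate",)):
        print(row["key"], row["package"], row["version"], "->",
              row["fixedVersion"], row["id"], ",".join(row["cves"]))
    print("no match:", unmatched_components(SAMPLE_RESPONSE))
```

An empty applicableAdvisories array means no advisory matched the identifiers the SBOM supplied; review those components for missing PURLs before treating them as clean.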

Windows Audit

Audit Windows via KB

Quick audit of Windows hosts by OS version + installed KB list. Good for patch status checks.

Auth: X-Api-Key header required.

Parameters:

| Name | In | Type | Required | Description |
|---|---|---|---|---|
| os | body | string | yes | OS name/version (e.g., Windows Server 2012 R2) |
| kbList | body | array[string] | yes | Array of installed KB IDs (e.g., ["KB5009586","KB5009624"]). |

Usage:

Query:

POST /api/v3/audit/kb/

Query example:

curl -XPOST https://vulners.com/api/v3/audit/kb/ -H "X-Api-Key: YOUR_API_KEY" -H 'Content-Type: application/json' -d '{
"os": "Windows Server 2012 R2",
"kbList": ["KB5009586", "KB5009624", "KB5008230", "KB5007247", "KB5005693", "KB5007205", "KB5003646"]
}'

  • os: the OS version can be obtained from systeminfo.

  • kbList: the installed KBs can also be obtained from systeminfo, or from wmic qfe list.

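# vulners_api: an initialized Vulners Python client (setup not shown here)
win_vulners = vulners_api.audit.kb_audit(
    os="Windows Server 2016", kb_list=["KB5009586", "KB5009624", "KB5008230", "KB5007247", "KB5005693", "KB5007205", "KB5003646"])
need_2_install_kb = win_vulners['kbMissed']  # KBs that still need to be installed
affected_cve = win_vulners['cvelist']        # CVEs affecting the host

Values of need_2_install_kb and affected_cve: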
[
    "KB5000803",
    "KB5017095",
    "KB5011495",
    "KB5003638",
    "KB5009546",
    "KB5012596",
    "KB5004948",
    "KB5001347",
    "KB5007192",
    "KB5004238",
    "KB5010359",
    "KB5014702",
    "KB5016622",
    "KB4601318",
    "KB5005573",
    "KB5008207",
    "KB5006669",
    "KB5012170",
    "KB5015808",
    "KB5005043",
    "KB5013952",
    "KB5003197"
] 
[   "CVE-2021-36942",
    "CVE-2021-31958",
    "CVE-2022-34302",
    "CVE-2022-30166",
    "CVE-2022-22002",
    "CVE-2021-1640",
    "CVE-2021-24111",
    "CVE-2022-26832",
    "CVE-2021-33757",
    "CVE-2021-41361",
    "CVE-2021-36938",
    "CVE-2020-1036",
    "CVE-2021-42279",
    "CVE-2022-34303",
    "CVE-2021-28318",
    "CVE-2020-1472",
    "CVE-2022-21897",
    "CVE-2021-38667",
    "CVE-2021-31959",
    "CVE-2021-34481",
    "CVE-2022-30154",
    "CVE-2021-34459",
    "CVE-2022-23293",
    "CVE-2020-17049",
    "CVE-2020-26784",
    "CVE-2022-22048",
    "CVE-2021-33779",
    "CVE-2021-43893",
    "CVE-2022-26784",
    "CVE-2021-26419",
    "CVE-2021-34527",
    "CVE-2022-35822",
    "CVE-2022-34301",
    "CVE-2022-30138",
    "CVE-2021-26411"
]

Audit installed KBs and software

Quick audit of Windows hosts by installed security KBs and software. The Windows audit requires the OS version, a list of installed updates (KBs) and a list of installed software. CPE parts such as target_sw, sw_edition, and platform can be used to improve accuracy.

Auth: X-Api-Key header required.

Parameters:

| Name | In | Type | Required | Description |
|---|---|---|---|---|
| os | body | string | yes | OS name (e.g., windows). |
| os_version | body | string | yes | OS version string (e.g., 10.0.19045). |
| kb_list | body | array | yes | Installed KB IDs. |
| software | body | array | no | Installed software list with optional CPE-like attributes. |
| platform | body | string | no | Applies target_hw to all software entries if provided. |

Possible values for CPE parameters:

  • *: Includes all values, both those containing - or * and without.
  • "-": Filters results to exclude specified values.
  • "software_name": Includes results with this value and any values containing *.

Defaults:

  • platform: arm64 if not explicitly specified.
  • target_sw: windows if not explicitly specified

Usage:

Query:

POST /api/v3/audit/winaudit/

Query example:

curl -XPOST https://vulners.com/api/v3/audit/winaudit/ -H "X-Api-Key: YOUR_API_KEY" -H 'Content-Type: application/json' -d '{
    "os": "windows",
    "os_version": "10.0.19045",
    "kb_list": ["KB5009586", "KB5009624", "KB5008230", "KB5007247", "KB5005693", "KB5007205", "KB5003646"],
    "software": [
        {"software": "7-Zip", "version": "19.00", "sw_edition": "home_premium", "target_sw": "windows", "target_hw": "x64", "update": "sp1", "language": "en"},
        {"software": "Git", "version": "2.33.0.2", "target_sw": "windows", "target_hw": "x64"},
        {"software": "Notepad++", "version": "8.4.6", "target_sw": "windows", "target_hw": "x64"},
        {"software": "Microsoft OneDrive", "version": "22.227.1030.0001", "sw_edition": "home_premium", "target_sw": "windows", "target_hw": "x64"},
        {"software": "VMware Fusion", "version": "13.1", "target_sw": "windows", "target_hw": "x64"}
    ]
}'

  • kb_list: List of installed updates (KB), which can be gathered via the commands systeminfo or wmic qfe list.

  • software: List of installed software and version information, with optional CPE parameters for further refinement.

kb = ["KB5009586", "KB5009624", "KB5008230", "KB5007247", "KB5005693", "KB5007205", "KB5003646"]
software = [{'software': '7-Zip', 'version': '19.00', 'sw_edition': 'home_premium', 'target_sw': 'windows', 'target_hw': 'x64', 'update': 'sp1', 'language': 'en'},
    {'software': 'Git', 'version': '2.33.0.2', 'target_sw': 'windows', 'target_hw': 'x64'},
    {'software': 'Notepad++', 'version': '8.4.6', 'target_sw': 'windows', 'target_hw': 'x64'},
    {'software': 'Microsoft OneDrive', 'version': '22.227.1030.0001', 'sw_edition': 'home_premium', 'target_sw': 'windows', 'target_hw': 'x64'},
    {'software': 'VMware Fusion', 'version': '13.1', 'target_sw': 'windows', 'target_hw': 'x64'}
]
os_name = 'windows'
os_version = '10.0.19045'
report = vulners_api.audit.win_audit(os=os_name, os_version=os_version, kb_list=kb, software=software)

Each entry in the response contains:

  • package: The name of the software package.
  • published: The date when the bulletin was published.
  • bulletinID: The ID of the bulletin associated with the CVEs.
  • cvelist: List of CVE IDs linked to the package.
  • cvss: CVSS score and severity level of the vulnerabilities.
  • fix: Suggested update or patch to fix the issue.

[
    {
        "package": "windows 11 version 22h2",
        "published": "2024-09-10",
        "bulletinID": "MS:CVE-2024-38254",
        "cvelist": ["CVE-2024-38254"],
        "cvss": {
            "score": 6.2,
            "severity": "MEDIUM"
        },
        "fix": "Install KB5043076 update"
    },
    {
        "package": "windows 11 version 23h2",
        "published": "2024-09-10",
        "bulletinID": "MS:CVE-2024-38257",
        "cvelist": ["CVE-2024-38257"],
        "cvss": {
            "score": 7.5,
            "severity": "HIGH"
        },
        "fix": "Install KB5043076 update"
    },
    {
        "package": "windows 11 version 23h2",
        "published": "2024-07-09",
        "bulletinID": "MS:CVE-2024-38517",
        "cvelist": ["CVE-2024-38517"],
        "cvss": {
            "score": 7.8,
            "severity": "HIGH"
        },
        "fix": "Install KB5040442 update"
    }
]

Windows KB superseding/parentseeding

Use this endpoint when you need more information about a KB returned by the previous method. Supersedence information is returned as a dictionary with two fields: superseeds and parentseeds.

Auth: X-Api-Key header required.

Parameters:

| Name | In | Type | Required | Description |
|---|---|---|---|---|
| id | body | string | yes | KB identifier (e.g., KB4524135). |
| fields | body | string | yes | Include superseeds and/or parentseeds. |

Usage:

Query:

POST /api/v3/search/id/

Query example:

curl -XPOST https://vulners.com/api/v3/search/id/ -H "X-Api-Key: YOUR_API_KEY" -H 'Content-Type: application/json' -d '{
    "id": "KB4524135",
    "fields": [
        "superseeds",
        "parentseeds"
    ]
}'

  • superseeds means "what KBs are covered by this KB".

  • parentseeds means "what KBs are covering this KB".

seeds = vulners_api.search.get_kb_seeds("KB4524135") 
{
    "superseeds": [
        "KB3021952",
        "KB4103768",
        "KB2699988",
        "KB3100773",
        "KB931768",
        "KB4466536",
        "KB4343205",
        "KB896688",
        "KB4462949",
        "KB2977629",
        "KB2817183",
        "KB972260",
        "KB4457426",
        "KB980182",
        "KB929969",
        "KB4470199",
        "KB2544521",
        "KB4511872",
        "KB2744842",
        "KB2879017",
        "KB2497640",
        "KB2360131",
        "KB4025252",
        "KB2829530",
        "KB4047206",
        "KB3093983",
        "KB4507434",
        "KB4056568",
        "KB960714",
        "KB2530548",
        "KB3203621",
        "KB833989",
        "KB2761451",
        "KB3139929",
        "KB4339093",
        "KB4483187",
        "KB969897",
        "KB910620",
        "KB942615",
        "KB956390",
        "KB937143",
        "KB4052978",
        "KB2416400",
        "KB4018271",
        "KB2987107",
        "KB2870699",
        "KB982381",
        "KB2183461",
        "KB2586448",
        "KB958215",
        "KB963027",
        "KB2862772",
        "KB4012204",
        "KB4036586",
        "KB3175443",
        "KB933566",
        "KB947864",
        "KB2647516",
        "KB4486474",
        "KB944533",
        "KB2976627",
        "KB4074736",
        "KB2792100",
        "KB905915",
        "KB922760",
        "KB4489873",
        "KB883939",
        "KB2797052",
        "KB2909212",
        "KB4230450",
        "KB3003057",
        "KB4092946",
        "KB2963952",
        "KB978207",
        "KB4034733",
        "KB939653",
        "KB976325",
        "KB3154070",
        "KB4040685",
        "KB3038314",
        "KB928090",
        "KB2675157",
        "KB4493435",
        "KB3197655",
        "KB896727",
        "KB3034196",
        "KB3049563",
        "KB3032359",
        "KB2618444",
        "KB974455",
        "KB938127",
        "KB2838727",
        "KB3148198",
        "KB3191492",
        "KB3170106",
        "KB2559049",
        "KB2809289",
        "KB3058515",
        "KB4014661",
        "KB4516046",
        "KB950759",
        "KB925486",
        "KB3036197",
        "KB3124275",
        "KB2799329",
        "KB3008923",
        "KB3078071",
        "KB953838",
        "KB3065822",
        "KB2722913",
        "KB4021558",
        "KB3104002",
        "KB912812",
        "KB918899",
        "KB2482017",
        "KB3160005",
        "KB2962872",
        "KB4096040",
        "KB916281",
        "KB3185319",
        "KB3087038",
        "KB4480965",
        "KB2761465",
        "KB4089187",
        "KB2846071",
        "KB890923",
        "KB4503259",
        "KB4498206",
        "KB3134814"
    ],
    "parentseeds": [
        "KB4571687",
        "KB4534251",
        "KB4540671",
        "KB4586768",
        "KB4519974",
        "KB4525106",
        "KB4530677",
        "KB4556798",
        "KB4565479",
        "KB4561603",
        "KB4537767",
        "KB4550905",
        "KB4577010"
    ]
}
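One use of the superseeds/parentseeds data, as an added example that is not part of the Vulners SDK: collapsing a kbMissed list so that a KB covered by another missing KB is not scheduled separately. The function names are hypothetical, the seed record is trimmed from the response above, the missing list is constructed, and the reduction assumes that installing a covering KB makes the covered one unnecessary on the host in question.

```python
# Supersedence record for KB4524135, trimmed from the response shown above.
SEEDS = {
    "KB4524135": {
        "superseeds": ["KB4516046", "KB4511872", "KB4507434"],
        "parentseeds": ["KB4534251", "KB4530677", "KB4525106"],
    },
}

# Constructed list standing in for a kbMissed result.
MISSING = ["KB4516046", "KB4524135", "KB4534251", "KB5000803"]


def covers(parent, child, seeds):
    """True if `parent` covers `child` according to either KB's seed record.

    Both directions are checked because seed data may have been fetched for
    only one of the two KBs.
    """
    return (parent in seeds.get(child, {}).get("parentseeds", [])
            or child in seeds.get(parent, {}).get("superseeds", []))


def plan_installs(missing, seeds):
    """Split missing KBs into (install, redundant).

    A KB is redundant when another missing KB covers it and is not covered
    by it in return; mutual coverage would mean inconsistent data, so both
    KBs are kept. `redundant` maps each dropped KB to the missing KBs that
    cover it, so the decision can be audited.
    """
    install, redundant = [], {}
    for kb in missing:
        covering = [other for other in missing
                    if other != kb
                    and covers(other, kb, seeds)
                    and not covers(kb, other, seeds)]
        if covering:
            redundant[kb] = covering
        else:
            install.append(kb)      # includes KBs with no seed data at all
    return install, redundant


if __name__ == "__main__":
    install, redundant = plan_installs(MISSING, SEEDS)
    print("install:", install)
    for kb, parents in redundant.items():
        print(f"skip {kb}: covered by {', '.join(parents)}")
```

A KB with no seed record stays on the install list, so missing supersedence data never causes a patch to be skipped.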

Get the list of Windows KB updates with download URLs

Search Microsoft Catalog entries for KBs and return catalog URLs.

Auth: X-Api-Key header required.

Parameters:

| Name | In | Type | Required | Description |
|---|---|---|---|---|
| query | body | string | yes | Lucene query, e.g. type:msupdate AND kb:(KB4524135) |
| skip | body | int | no | Offset (default 0). |
| size | body | int | no | Limit (default 100). |

Usage:

Query:

POST /api/v3/search/lucene/

Query example:

curl -XPOST https://vulners.com/api/v3/search/lucene/ -H "X-Api-Key: YOUR_API_KEY" -H 'Content-Type: application/json' -d '{
"query": "type:msupdate AND kb:(KB4524135)", 
"skip": 0, 
"size": 100, 
"fields": [
    "id", 
    "title", 
    "description", 
    "type", 
    "bulletinFamily", 
    "cvss", 
    "published", 
    "modified", 
    "lastseen", 
    "href", 
    "sourceHref", 
    "sourceData", 
    "cvelist"]
}'

microsoft_updates_for_kb = vulners_api.search.get_kb_updates("KB4524135")
updates_download_links = [update.get('href') for update in microsoft_updates_for_kb]
[
    "https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=ef31383a-7932-441a-a626-f0a145cc422a",
    "https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=18552c40-7e36-4f15-960a-9717a4912af1",
    "https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=375f016c-b4ac-4d71-9dee-8095427a3c86",
    "https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=2ca3d95f-1ecb-4850-aeb4-afb63cd6374a",
    "https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=72890150-da44-47b2-b1b5-7dce2d5d1a30",
    "https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=fba96f27-5955-45e1-82e5-ad350b4627e0",
    "https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=9668152f-78a1-44f9-a229-38e86189703a",
    "https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=e08d28ef-d685-412c-b0bc-8cc26bf899c3",
    "https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=a22dcbac-485a-4834-8556-fee2e437ab9b",
    "https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=db62995c-3814-4fd7-a481-dc285f0640e2",
    "https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=16216817-6043-4587-a803-9b3a9f3a58cc",
    "https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=393d67e1-8827-4c6d-9187-b6320a9a03bc",
    "https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=b18abca1-c8ec-4e43-9fa0-cc2b2a518304",
    "https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=96c42c78-234b-4ae7-b097-be0eb8ac6f25",
    "https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=63cc9ae6-6d02-4936-8b77-b976b440ff25",
    "https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=2661795f-8beb-468f-9c4f-0de83724a90f"
]

Linux Audit

Analyze installed Linux packages (RPM, DEB, APK) and match them against Vulners vulnerability database. This endpoint is intended for fast, batch auditing of package lists exported from servers, containers or build images.

Supported systems

Fetch all currently supported operating systems. These values are used as inputs for the audit request below.

Auth: X-Api-Key header required.

Parameters: None

Usage:

Query:

GET /api/v3/audit/getSupportedOS

Query example:

curl -G "https://vulners.com/api/v3/audit/getSupportedOS" -H "X-Api-Key: YOUR_API_KEY"

Audit Linux hosts

Check installed packages against known vulnerabilities and retrieve matching advisories.

Quick notes:

  • Accepts package lists collected from RPM (RHEL/CentOS/OL), DEB (Debian/Ubuntu) and APK (Alpine) ecosystems.
  • packages is the main required field - provide one package per line or as an array of package strings. The endpoint supports up to 2500 package entries per request.
  • Provide osName and osVersion when possible for the most accurate matching; if omitted, the service performs best-effort matching based on package metadata.
  • cvelistMetrics is available only for non-free / trial licenses and adds additional aggregated metrics to the response.

Auth: X-Api-Key header required.

Request body parameters:

| Field | Type | Required | Description |
|---|---|---|---|
| packages | array[string] | yes | List of packages (strings). Each item should be the package name with version and, if applicable, arch. Min 1 / Max 2500 entries. |
| osName | string | no (recommended) | OS name or ID (ubuntu, debian, rhel, ol, alpine, etc.). |
| osVersion | string | no (recommended) | OS version (e.g. 22.04, 7, 8.6, ...). |
| osArch | string | no | OS architecture (e.g. x86_64, aarch64) — used as default arch for packages when not specified. |
| includeUnofficial | boolean | no | If true, include matches from unofficial sources (third-party repos). Default: false. |
| includeCandidates | boolean | no | If true, include "candidate" findings (lower confidence or tentative matches). Default: false. |
| includeAnyVersion | boolean | no | If true, include vulnerabilities that match any version (broad/less strict matching). Default: false. |
| cvelistMetrics | boolean | no | Add additional CVE list metrics — available for non-free/trial licenses. Default: false. |

Usage:

Query:

POST /api/v4/audit/linux

Query example:

curl -sS -X POST "https://vulners.com/api/v4/audit/linux" \
  -H "Content-Type: application/json" \
  -H "X-Api-Key: YOUR_API_KEY" \
  --data-binary @- << 'JSON'
{
  "osName": "ubuntu",
  "osVersion": "22.04",
  "packages": [
    "bash 5.1-6ubuntu1.2 amd64",
    "openssl 3.0.2-0ubuntu1.10 amd64",
    "nginx 1.18.0-0ubuntu1 amd64"
  ],
  "includeUnofficial": false,
  "includeCandidates": false,
  "includeAnyVersion": false,
  "cvelistMetrics": false
}
JSON

api.audit.linux_audit(
    os_name="ubuntu",
    os_version="22.04",
    packages=[
        "bash 5.1-6ubuntu1.2 amd64",
        "openssl 3.0.2-0ubuntu1.10 amd64",
        "nginx 1.18.0-0ubuntu1 amd64"
    ],
    include_unofficial=False,
    include_candidates=False,
    include_any_version=False,
)
{
    "result": {
        "issues": [
            {
                "package": "nginx 1.18.0-0ubuntu1 amd64",
                "fixedPackage": "nginx_1.18.0-6ubuntu14.7_noarch.deb",
                "applicableAdvisories": [
                    {
                        "id": "USN-5371-2",
                        "operator": "lt",
                        "version": "1.18.0-6ubuntu14.1"
                    },
                    {
                        "id": "USN-5722-1",
                        "operator": "lt",
                        "version": "1.18.0-6ubuntu14.3"
                    },
                    {
                        "id": "UB:CVE-2024-7347",
                        "operator": "lt",
                        "version": "1.18.0-6ubuntu14.5"
                    },
                    {
                        "id": "USN-7014-1",
                        "operator": "lt",
                        "version": "1.18.0-6ubuntu14.5"
                    },
                    {
                        "id": "USN-7285-1",
                        "operator": "lt",
                        "version": "1.18.0-6ubuntu14.6"
                    },
                    {
                        "id": "USN-7715-1",
                        "operator": "lt",
                        "version": "1.18.0-6ubuntu14.7"
                    }
                ]
            },
            {
                "package": "openssl 3.0.2-0ubuntu1.10 amd64",
                "fixedPackage": "openssl_3.0.2-0ubuntu1.20_noarch.deb",
                "applicableAdvisories": [
                    {
                        "id": "USN-6450-1",
                        "operator": "lt",
                        "version": "3.0.2-0ubuntu1.12"
                    },
                    {
                        "id": "USN-6622-1",
                        "operator": "lt",
                        "version": "3.0.2-0ubuntu1.14"
                    },
                    {
                        "id": "USN-6663-1",
                        "operator": "lt",
                        "version": "3.0.2-0ubuntu1.15"
                    },
                    {
                        "id": "USN-6854-1",
                        "operator": "lt",
                        "version": "3.0.2-0ubuntu1.16"
                    },
                    {
                        "id": "USN-6937-1",
                        "operator": "lt",
                        "version": "3.0.2-0ubuntu1.17"
                    },
                    {
                        "id": "UB:CVE-2024-6119",
                        "operator": "lt",
                        "version": "3.0.2-0ubuntu1.18"
                    },
                    {
                        "id": "USN-6986-1",
                        "operator": "lt",
                        "version": "3.0.2-0ubuntu1.18"
                    },
                    {
                        "id": "UB:CVE-2024-9143",
                        "operator": "lt",
                        "version": "3.0.2-0ubuntu1.19"
                    },
                    {
                        "id": "USN-7278-1",
                        "operator": "lt",
                        "version": "3.0.2-0ubuntu1.19"
                    },
                    {
                        "id": "USN-7786-1",
                        "operator": "lt",
                        "version": "3.0.2-0ubuntu1.20"
                    }
                ]
            }
        ],
        "errors": []
    }
}
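Preparing the request bodies for the Linux audit endpoint from a Debian/Ubuntu host inventory, as an added example that is not part of the Vulners SDK. It assumes the package list was exported in the "name version arch" form used in the request above (for instance with dpkg-query), reads osName/osVersion from /etc/os-release content, and splits the list to respect the 2500-entry limit; all function names and sample inputs are constructed for illustration.

```python
import json
import urllib.request

AUDIT_URL = "https://vulners.com/api/v4/audit/linux"  # endpoint from this page
MAX_PACKAGES = 2500                                    # per-request limit from this page

# Constructed sample inputs (not captured from a real host).
SAMPLE_OS_RELEASE = 'NAME="Ubuntu"\nVERSION_ID="22.04"\nID=ubuntu\n'
# Assumed collection command:
#   dpkg-query -W -f='${Package} ${Version} ${Architecture}\n'
SAMPLE_DPKG = """\
bash 5.1-6ubuntu1.2 amd64
openssl 3.0.2-0ubuntu1.10 amd64
nginx 1.18.0-0ubuntu1 amd64
bash 5.1-6ubuntu1.2 amd64
malformed-line
"""


def parse_os_release(text):
    """Return (osName, osVersion) from /etc/os-release content (ID, VERSION_ID)."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        fields[key] = value.strip().strip('"').strip("'")
    return fields.get("ID"), fields.get("VERSION_ID")


def parse_dpkg_listing(text):
    """Turn 'name version arch' lines into de-duplicated package strings."""
    seen, packages = set(), []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:          # skip blank or malformed lines
            continue
        entry = " ".join(parts)
        if entry not in seen:
            seen.add(entry)
            packages.append(entry)
    return packages


def build_requests(packages, os_name=None, os_version=None, limit=MAX_PACKAGES):
    """Split the package list into request bodies of at most `limit` entries."""
    if not packages:
        raise ValueError("packages must contain at least one entry")
    bodies = []
    for start in range(0, len(packages), limit):
        body = {"packages": packages[start:start + limit]}
        if os_name:
            body["osName"] = os_name
        if os_version:
            body["osVersion"] = os_version
        bodies.append(body)
    return bodies


def post_audit(body, api_key):
    """Send one request body; the API key travels in the X-Api-Key header."""
    request = urllib.request.Request(
        AUDIT_URL, data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json", "X-Api-Key": api_key})
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.load(response)


def merge_results(responses):
    """Combine result.issues and result.errors from several chunked responses."""
    issues, errors = [], []
    for response in responses:
        result = response.get("result", {})
        issues.extend(result.get("issues", []))
        errors.extend(result.get("errors", []))
    return {"issues": issues, "errors": errors}


if __name__ == "__main__":
    name, version = parse_os_release(SAMPLE_OS_RELEASE)
    bodies = build_requests(parse_dpkg_listing(SAMPLE_DPKG), name, version)
    print(json.dumps(bodies, indent=2))   # inspect before sending with post_audit()
```

Check the merged errors list as well as issues: a chunk that reported errors means the host's result is incomplete.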