Collections¶
This page documents archive/collection-related endpoints: retrieving CVE archives per OS, fetching published collections from the CDN, and getting collection updates from the database. All examples use API key authentication via the X-Api-Key header.
Open interactive specs
List available collections¶
Return the full list of collections available in Vulners, each with a short description, current record count, and last-updated timestamp. Useful for LLM agents and integrators discovering valid type values before calling /api/v4/archive/collection or /api/v4/archive/collection-update.
Auth: X-Api-Key header required.
Parameters:
None.
Returns an object with a single result array. Entries are sorted by count from largest collection to smallest. All timestamps are UTC.
Usage:
Query:
GET /api/v4/search/collections
Query example:
curl -sS "https://vulners.com/api/v4/search/collections" -H "X-Api-Key: YOUR_API_KEY" --compressed
{
"result": [
{
"type": "openbugbounty",
"description": "OpenBugBounty is a community-driven platform that catalogs security advisories and vulnerabilities reported by researchers across various vendors and products.",
"count": 1261610,
"last_updated": "2025-07-23T13:56:00"
},
{
"type": "cve",
"description": "The CVE collection from MITRE provides a comprehensive list of publicly disclosed vulnerabilities across various vendors, OS, and products, including CVEs and related advisories.",
"count": 354266,
"last_updated": "2026-05-10T08:16:08"
},
{
"type": "exploitdb",
"description": "ExploitDB is a database of exploits and vulnerable software, primarily focusing on various applications and operating systems, providing detailed advisories and proof-of-concept code.",
"count": 47833,
"last_updated": "2026-05-07T00:00:00"
}
]
}
Get CVEs for os+version¶
Download a prebuilt archive (zip) of CVEs for a specific OS and version.
Auth: X-Api-Key header required.
Parameters:
| Name | In | Type | Required | Description |
|---|---|---|---|---|
os |
query | string | yes | OS name (e.g. ubuntu, debian) |
version |
query | string | yes | OS version (e.g. 23.04, 20.04) |
Usage:
Query:
GET /api/v3/archive/distributive/
Query example:
curl -G "https://vulners.com/api/v3/archive/distributive/" -H "X-Api-Key: YOUR_API_KEY" \
--data-urlencode "os=ubuntu" \
--data-urlencode "version=23.04" \
--output output_data.zip
vulners_api.archive.get_distributive("ubuntu", "23.04")
Full archive
Get collection by name¶
This method is available in the Vulners Python SDK starting from version 3.0.
Fetch the full collection archive file (records) for a named collection from the CDN. Collections are updated on the CDN every 4 hours; records are sorted by timestamps.updated (newest → oldest). Timestamps are UTC.
Streaming response
Unlike the rest of the v4 API, archive endpoints do not return JSON-wrapped responses. The server either streams gzipped NDJSON (one bulletin per line, Content-Encoding: gzip, Content-Type: application/x-ndjson or application/gzip) or responds with 302 Redirect to a CDN-hosted gzipped NDJSON URL. Free-tier API keys receive 403 Forbidden.
Parameters:
| Name | In | Type | Required | Description |
|---|---|---|---|---|
type |
query | string | yes | Collection type name (see available collections on the Vulners stats page, e.g. exploitdb) |
Returns list of records from the collection archive stored on CDN. These archives are updated every 4 hours.
The records in response are sorted by timestamps.updated from newest to oldest. All timestamps are in UTC.
Usage:
Query:
GET /api/v4/archive/collection/
Query example:
curl -GOJL "https://vulners.com/api/v4/archive/collection/" -H "X-Api-Key: YOUR_API_KEY" \
--data-urlencode "type=exploitdb"
vulners_api.archive.fetch_collection(type='exploitdb')
[
{'id': 'EDB-ID:20048', ... 'timestamps.updated': '2025-05-21T13:14:26.791000+00:00', ...},
{'id': 'EDB-ID:18781', ... 'timestamps.updated': '2025-05-21T13:14:26.648000+00:00', ...},
{'id': 'EDB-ID:30807', ... 'timestamps.updated': '2025-05-21T11:54:55.905000+00:00', ...},
{'id': 'EDB-ID:31180', ... 'timestamps.updated': '2025-05-21T11:54:55.150000+00:00', ...},
...,
{'id': 'EDB-ID:46363', ... 'timestamps.updated': '2025-04-02T20:47:28+00:00', ...}
]
Get collection update by name¶
Note: This method is available in the Vulners Python SDK starting from version 3.0.
Get recently updated records for a collection directly from the database. Useful for incremental synchronization.
Auth: X-Api-Key header required.
Parameters:
| Name | In | Type | Required | Description |
|---|---|---|---|---|
type |
query | string | yes | Collection type name (e.g. exploitdb) |
after |
query | string (ISO 8601) | yes | Return records updated after this UTC timestamp. Must not be more than 25 hours from the current time. Example: 2025-05-21T13:14:26 |
Returns list of records for the collection directly from the database.
The records in responce are sorted by timestamps.updated from newest to oldest. All timestamps are in UCT.
Usage:
Query:
GET /api/v4/archive/collection-update/
Query example:
curl -GOJL "https://vulners.com/api/v4/archive/collection-update/" -H "X-Api-Key: YOUR_API_KEY" \
--data-urlencode "type=exploitdb" \
--data-urlencode "after=2025-05-21T13:14:26" \
vulners_api.archive.fetch_collection_update(type='exploitdb', after="2025-05-21T13:14:26")
[
{'id': 'EDB-ID:30632', ... 'timestamps.updated': '2025-05-21T14:59:28.854000+00:00', ...},
{'id': 'EDB-ID:4779', ... 'timestamps.updated': '2025-05-21T14:04:18.852000+00:00', ...},
{'id': 'EDB-ID:4779', ... 'timestamps.updated': '2025-05-21T14:04:18.852000+00:00', ...}
]
Get collection state¶
Return the current sync cursor and metadata for a CDN-cached collection. Pair with Get collection update by name to drive incremental syncs.
Auth: X-Api-Key header required.
Parameters:
| Name | In | Type | Required | Description |
|---|---|---|---|---|
type |
query | string | yes | Collection type name (see available collections on the Vulners stats page, e.g. exploitdb) |
Usage:
Query:
GET /api/v4/archive/collection-state/
Query example:
curl -G "https://vulners.com/api/v4/archive/collection-state/" -H "X-Api-Key: YOUR_API_KEY" \
--data-urlencode "type=exploitdb"
{
"result": {
"cursor": "2025-05-21T13:14:26Z",
"upload_time": "2025-05-21T13:18:00Z",
"write_time": "2025-05-21T13:14:30Z",
"total_docs": 47238
}
}
Get collection family¶
Like Get collection by name, but selects a family of collections by name instead of a single collection type. Streaming response shape is identical (gzipped NDJSON, optionally redirect).
Auth: X-Api-Key header required.
Parameters:
| Name | In | Type | Required | Description |
|---|---|---|---|---|
name |
query | string | yes | Collection family identifier |
Usage:
Query:
GET /api/v4/archive/family/
Query example:
curl -GOJL "https://vulners.com/api/v4/archive/family/" -H "X-Api-Key: YOUR_API_KEY" \
--data-urlencode "name=exploits"
Streaming gzipped NDJSON (or 302 redirect to a CDN URL). One bulletin JSON object per line.
Get collection family update¶
Like Get collection update by name, but selects a family of collections instead of a single collection type. Records are sorted newest → oldest. after must not be more than 25 hours from the current time.
Auth: X-Api-Key header required.
Parameters:
| Name | In | Type | Required | Description |
|---|---|---|---|---|
name |
query | string | yes | Collection family identifier |
after |
query | string (ISO 8601) | yes | Return records updated after this UTC timestamp (≤ 25 h in the past) |
Usage:
Query:
GET /api/v4/archive/family-update/
Query example:
curl -GOJL "https://vulners.com/api/v4/archive/family-update/" -H "X-Api-Key: YOUR_API_KEY" \
--data-urlencode "name=exploits" \
--data-urlencode "after=2025-05-21T13:14:26"
Streaming gzipped NDJSON. One bulletin JSON object per line.
Get collection family state¶
Return the current sync cursor and metadata for a collection family. Equivalent to Get collection state but scoped to a family rather than a single collection.
Auth: X-Api-Key header required.
Parameters:
| Name | In | Type | Required | Description |
|---|---|---|---|---|
name |
query | string | yes | Collection family identifier |
Usage:
Query:
GET /api/v4/archive/family-state/
Query example:
curl -G "https://vulners.com/api/v4/archive/family-state/" -H "X-Api-Key: YOUR_API_KEY" \
--data-urlencode "name=exploits"
{
"result": {
"cursor": "2025-05-21T13:14:26Z",
"upload_time": "2025-05-21T13:18:00Z",
"write_time": "2025-05-21T13:14:30Z",
"total_docs": 102441
}
}