Vulners¶

Fast, reliable vulnerability intelligence — accessible via a single, predictable REST API.
Full-text search across advisories, CVEs and package metadata, automated host audits, and shareable vulnerability collections — all available via a single, predictable REST API.

Get started: Get an API key • Read the spec (Redoc) • Try it (Swagger UI)

Why Vulners?¶

Search everything — full-text + fielded queries across advisories, vendor bulletins, package metadata and CVEs.
Automated audits — scan hosts/images against installed packages and KBs; get prioritized remediation guidance.
Curated collections — create and share focused sets of advisories (by product, compliance, or custom rules).
Integrations & SDKs — ready examples and SDKs to plug Vulners results into CI, SIEM and ticketing workflows.

Core concepts¶

Record — a single vulnerability/advisory entry (CVE, vendor bulletin, etc.).
Collection — a curated set of records or rules you can reuse and share.
Audit — a report for a host or image that maps installed packages to known vulnerabilities and suggested fixes.
Search model — Lucene-style query language + structured filters (see Concepts → Search model).
OpenAPI — the canonical machine spec lives in docs/assets/openapi.yaml and is rendered via Redoc (read) and Swagger UI (interactive).

See the full concepts and field glossary: Concepts → Data model

Quick example — Search¶

Replace <YOUR_KEY> with your values.

curl Python requests Python Response

Query:

POST /api/v3/search/lucene/

Query example:

curl -XPOST https://vulners.com/api/v3/search/lucene -H 'Content-Type: application/json' -H "X-Api-Key: YOUR_API_KEY" -d '{
"query": "Fortinet AND RCE order:published", 
"skip": 0, 
"size": 5, 
"fields": [
    "id", 
    "published", 
    "description", 
    "type", 
    "title", 
    "cvelist"]
}'

import os, requests

API_KEY = os.getenv("VULNERS_API_KEY")
resp = requests.post(
    "https://vulners.com/api/v3/search/lucene",
    headers={
      "X-Api-Key": API_KEY,
      "Content-Type": "application/json"
    },
    json={"query": "Fortinet AND RCE order:published", "size": 5},
)
resp.raise_for_status()
print(resp.json())

database_search_1 = vulners_api.search.search_bulletins_all(
    "Fortinet AND RCE order:published", limit=5,  fields=["published", "title", "description", "cvelist"])

{
  "total": 312,
  "results": [
    {
      "id": "VULN-2024-0001",
      "title": "Fortinet FortiOS RCE",
      "published": "2024-06-01T12:00:00Z",
      "cvelist": ["CVE-2024-20674"],
      "description": "Remote code execution in FortiOS ..."
    },
    {
      "id": "VULN-2024-0002",
      "title": "FortiSIEM command injection",
      "published": "2024-05-22T08:30:00Z",
      "cvelist": ["CVE-2024-12345"],
      "description": "An unauthenticated command injection ..."
    }
  ]
}

Read the API — two ways¶

Read-friendly: Reference — rendered with Redoc for easy browsing of endpoints, schemas, and examples.
Interactive: Try it — Swagger UI for experimenting with requests.
Human method notes — split by area for quick operational guidance:
- Search
- Collections
- Audit
- Notifications
- Reporting