Quickstart — Get started with Vulners API
Start here: quick access to API key, Python SDK, OpenAPI / Redoc docs and three basic API calls to begin using Vulners.
- Getting an API key
  Create an account on Vulners and generate an API key in your personal API Keys panel. Send this key in the X-Api-Key header to authenticate requests.
- Vulners Python SDK
  Install the official Python SDK from PyPI and use it to call search, audit and archive methods with simple helpers: pip install -U vulners.
- OpenAPI
  Explore the full API surface with the REST playground / OpenAPI docs (try endpoints, see request/response shapes).
- Redoc
  Use the Redoc-style interactive API reference if you prefer the three-panel OpenAPI layout (navigation, docs, examples). Redoc is a common OpenAPI renderer used across projects.
Below — three basic API methods to try quickly.
1. Search in database
The database search mirrors the Vulners website search and supports Lucene queries. Use this API to quickly find bulletins, CVEs, advisories, exploits and more.
Auth: X-Api-Key header required.
Parameters:
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| query | body | string | yes | Lucene query string |
| skip | body | integer | no | Offset |
| size | body | integer | no | Number of results |
| fields | body | array[string] | no | Fields to include in the response. Use ["*"] to request all fields. Omitting returns default subset. |
Usage:
Query:
POST /api/v3/search/lucene/
Query example:

```bash
curl -XPOST https://vulners.com/api/v3/search/lucene \
  -H 'Content-Type: application/json' \
  -H "X-Api-Key: YOUR_API_KEY" \
  -d '{
    "query": "Fortinet AND RCE order:published",
    "skip": 0,
    "size": 5,
    "fields": [
      "id",
      "published",
      "description",
      "type",
      "title",
      "cvelist"]
  }'
```

Python SDK:

```python
# vulners_api is an already initialized Vulners SDK client
database_search_1 = vulners_api.search.search_bulletins_all(
    "Fortinet AND RCE order:published",
    limit=5,
    fields=["published", "title", "description", "cvelist"],
)
```

Response example:

```json
[
  {
    "cvelist": ["CVE-2024-20674", "CVE-2024-20677"],
    "description": "Example response content (truncated)...",
    "published": "2024-01-10T18:07:38",
    "title": "Patch now! First patch Tuesday of 2024 is here"
  }
]
```
2. Software Audit API (batch software audit)
Submit one or many software items (CPEs or objects) and receive matched vulnerabilities. This replaces older burp endpoints.
This method is available in the Vulners Python SDK starting from version 3.0.
Parameters:
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| software | body | array | yes | Array of software entries — either CPE objects or raw CPE strings. |
| match | body | enum | no | partial (default) or full. full requires exact match for all provided fields. |
| fields | body | array | no | Which vulnerability fields to return (defaults: title, short_description, type, href, published, modified, ai_score). |
Usage:
Query:
POST /api/v4/audit/software
Example with software objects:

```bash
curl -X POST https://vulners.com/api/v4/audit/software \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "software": [
      {"vendor":"ivanti","product":"connect_secure","version":"22.7","update":"r2.4"},
      {"vendor":"sonicwall","product":"SMA 200 firmware","version":"10.2.1.5-34sv"}
    ],
    "match":"partial",
    "fields":["title","short_description"]
  }'
```

Python SDK:

```python
# vulners_api is an already initialized Vulners SDK client
vulners_api.audit.software(
    software=[{"part": "a", "vendor": "ivanti", "product": "connect_secure", "version": "22.7", "update": "r2.4"}],
    fields=["title", "short_description"],
    match="partial",
)
```
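An added example, not part of the Vulners documentation or SDK: one way to validate and de-duplicate an inventory before building the batch audit request described above. The helper names, the VULNERS_API_KEY variable name, the rule that every entry must name a product, and treating a CPE 2.3 string and its object form as the same item are assumptions; the request is built but not sent.

```python
import json
import os
import re
import urllib.request

AUDIT_URL = "https://vulners.com/api/v4/audit/software"  # endpoint from this page
CPE_KEYS = ("part", "vendor", "product", "version", "update")  # object keys shown on this page
UNESCAPED_COLON = re.compile(r"(?<!\\):")  # CPE 2.3 escapes a literal colon as "\:"


def entry_key(entry):
    """Validate one inventory entry and return a hashable key for de-duplication."""
    if isinstance(entry, str):
        parts = UNESCAPED_COLON.split(entry)
        if len(parts) != 13 or parts[:2] != ["cpe", "2.3"] or parts[2] not in ("a", "o", "h"):
            raise ValueError(f"not a CPE 2.3 string: {entry!r}")
        entry = {k: v for k, v in zip(CPE_KEYS, parts[2:7]) if v != "*"}  # "*" means ANY
    if not isinstance(entry, dict) or not entry.get("product"):
        raise ValueError(f"software entry needs a product: {entry!r}")  # local rule (assumption)
    return tuple((k, str(entry[k]).lower()) for k in CPE_KEYS if entry.get(k))


def build_audit_request(software, api_key, match="partial", fields=None):
    """Return an unsent urllib Request for the batch software audit call."""
    if not api_key:
        raise ValueError("API key is empty")
    if match not in ("partial", "full"):
        raise ValueError(f"match must be 'partial' or 'full', got {match!r}")
    unique = {}
    for entry in software:
        unique.setdefault(entry_key(entry), entry)  # keep the first spelling of each item
    body = {"software": list(unique.values()), "match": match}
    if fields:
        body["fields"] = list(fields)
    headers = {"X-Api-Key": api_key, "Content-Type": "application/json"}
    return urllib.request.Request(AUDIT_URL, json.dumps(body).encode(), headers, method="POST")


# Constructed sample inventory: the two objects from this page plus a CPE-string duplicate.
SAMPLE = [
    {"part": "a", "vendor": "ivanti", "product": "connect_secure", "version": "22.7", "update": "r2.4"},
    "cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*",
    {"vendor": "sonicwall", "product": "SMA 200 firmware", "version": "10.2.1.5-34sv"},
]

if __name__ == "__main__":
    key = os.environ.get("VULNERS_API_KEY", "YOUR_API_KEY")  # hypothetical name; keeps the key out of source
    req = build_audit_request(SAMPLE, key, fields=["title", "short_description"])
    print(req.get_method(), req.full_url, json.loads(req.data)["software"])
```

Passing the returned object to urllib.request.urlopen would send it; malformed entries and an unknown match value fail locally before any network call.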
3. Get CVEs for OS + version (archive)
Download a prebuilt archive (zip) of CVEs for a specific OS and version. Useful for offline analysis or integrating CVE sets into scanners.
This method is available in the Vulners Python SDK starting from version 3.0.
Parameters:
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| os | query | string | yes | OS name (e.g. ubuntu, debian) |
| version | query | string | yes | OS version (e.g. 23.04, 20.04) |
Usage:
Query:
GET /api/v3/archive/distributive/
Query example:

```bash
curl -G "https://vulners.com/api/v3/archive/distributive/" \
  -H "X-Api-Key: YOUR_API_KEY" \
  --data-urlencode "os=ubuntu" \
  --data-urlencode "version=23.04" \
  --output output_data.zip
```

Python SDK:

```python
# vulners_api is an already initialized Vulners SDK client
vulners_api.archive.get_distributive("ubuntu", "23.04")
```