API Resources

GET
/v3/cpe

Request vulnerabilities related to a CPE

Based on the specified CPE (Common Platform Enumeration) URI string, this endpoint will return a list of vulnerabilities that are related to the package. We support v2.2 and v2.3

Path Parameters

cpe
string required
CPE scheme using either the v2.2 or v2.3 format
isVulnerable
boolean
Returns only CVEs associated with a CPE where the CPE is considered vulnerable.
By default the API will return all CVEs in which the CPE is mentioned, whether the CPE is the source of the vulnerability or not. For example, cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:* is listed in many CVEs as part of a vulnerable configuration, but only one where the the device itself is inherently vulnerable.
isVulnerable=true - Return only the CVEs where the CPE is vulnerable.

Example Requests

curl --request GET \
    --url https://api.vulncheck.com/v3/cpe?cpe=cpe:/a:microsoft:internet_explorer:8.0.6001:beta \
    --header 'Accept: application/json' \
    --header 'Authorization: Bearer insert_token_here'

Response

{
  "_benchmark": 0.09967,
  "_meta": {
    "cpe": "cpe:/a:microsoft:internet_explorer:8.0.6001:beta",
    "cpe_struct": {
      "part": "a",
      "vendor": "microsoft",
      "product": "internet_explorer",
      "version": "8\\.0\\.6001",
      "update": "beta",
      "edition": "*",
      "language": "*",
      "sw_edition": "*",
      "target_sw": "*",
      "target_hw": "*",
      "other": "*"
    },
    "timestamp": "2023-09-11T15:03:41.041475537Z",
    "total_documents": 15
  },
  "data": [
    "CVE-2008-4127",
    "CVE-2010-0246",
    "CVE-2010-0248",
    "CVE-2010-0494",
    "CVE-2002-2435",
    "CVE-2012-1545",
    "CVE-2010-0027",
    "CVE-2010-5071",
    "CVE-2010-0492",
    "CVE-2010-1117",
    "CVE-2010-0245",
    "CVE-2010-0490",
    "CVE-2009-2433",
    "CVE-2011-2383",
    "CVE-2010-0244"
  ]
}