VulnCheck converts (vendor, product, version) queries and returns a best match CPE and PURL identifiers.
curl --request GET \
--url 'https://api.vulncheck.com/v3/identify?vendor=microsoft%20corporation&product=office%202016' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer insert_token_here'
[
{
"identity": {
"part": "a",
"vendor": "microsoft",
"product": "office",
"version": "2016",
"year": "2016"
},
"attributes": {
"update": "*",
"edition": "*",
"language": "*",
"sw_edition": "*",
"target_sw": "*",
"target_hw": "*",
"other": "*"
},
"normalized": {
"title": "Office 2016",
"version": "2016"
},
"identifiers": {
"cpe": [
{
"value": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"confidence": {
"level": "medium",
"source": "inference"
},
"aliases": []
}
],
"purl": []
},
"suggestions": {
"cpe": [],
"purl": []
},
"lifecycle": {
"created_at": "2025-09-12T16:53:23.307436"
}
}
]