What changed:
Community users are now limited to 1,000 requests per minute.
When exceeded, requests return a descriptive HTTP 429 response.
Why it matters:
- Helps maintain platform stability and consistent performance for all users.
- Provides clear feedback for implementers to add backoff / retry behavior.
Customer impact:
Community developers should ensure they handle 429 responses with backoff logic.
What’s new:
Added POST support to https://api.vulncheck.com/v3/index/{index} for index querying to improve CVE query workflows.
Why it matters:
- Supports large/complex queries without URL length limitations.
- Reduces risk of failures from oversized GET requests.
- Enables bulk enrichment workflows and more scalable automation patterns for integrations (SIEM/SOAR/vuln management).
Identity mapping metaindex now available to EVI customers at https://api.vulncheck.com/v3/index/cves_identity_mappings
What is it?:
New meta index correlating CVEs with non-CVE identifiers across ecosystems.
Currently includes mappings for:
- EUVD
- GHSA
- Additional regional identifier coverage planned.
Why it matters
- Simplifies cross-database correlation and reduces duplicate tracking.
- Improves enrichment workflows for global programs handling multiple vulnerability identity systems.
What shipped:
Expanded MITRE & CAPEC support, including:
attack-patterncourse-of-actionx-mitre-data-source- Enriched relationships into VulnCheck/NVD-linked data.
- Improved labeling & filtering for botnets and ransomware.
- Full CVSS coverage: v2, v3, v3.1, v4.
- Added CWE weakness data for deeper analysis.
Why it matters:
- Enables richer attack-path and technique analysis inside OpenCTI.
- Improves campaign identification and threat hunting workflows.
- Increases scoring and reporting flexibility via normalized CVSS coverage.
- Supports weakness trend analysis for AppSec and product security teams.