We are introducing the VulnCheck V4 API, a new generation of API endpoints designed around a structured query interface with first-class filter parameters.
The V4 API launches with the following advisory endpoints:
GET /v4/advisory — Query the VulnCheck advisory index across all feeds. Supports rich filtering by CVE ID, vendor, product, platform, version, CPE, PURL, package name, reference URL, reference tag, description language, and date ranges. Both page-based and cursor-based pagination are supported.GET /v4/advisory/list — Returns the list of available advisory feed names with pre-built query links.The V4 API also launches with two backup endpoints:
GET /v4/backup — Returns the list of advisory feeds for which a backup can be requested, including availability status and last written timestamp.GET /v4/backup/{feed} — Returns pre-signed S3 download URLs (multi-region and direct) for a specific feed's backup zip. URLs expire after 15 minutes.The V4 API includes an unauthenticated OpenAPI specification endpoint:
GET /v4/openapi — Returns the full OpenAPI 3.0 JSON specification for all V4 API endpoints. No authentication required.Full documentation is available in the V4 API section.