API Documentation

Search 1M+ security documents across 110 sources. Get CVE details, EPSS scores, CISA KEV status, affected versions, and more.

Get API Key

Authentication

Create an API key from your Dashboard and pass it in the Authorization header:

Authorization: Bearer cvb_your_api_key

Free tier: 100 requests/day

Rate limit headers on every response: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset

Errors

// 401 — Invalid or missing API key
{"error": {"code": "invalid_api_key", "message": "Invalid or revoked API key"}}

// 429 — Rate limit exceeded
{"error": {"code": "rate_limit_exceeded", "message": "API key daily limit reached"}}

Endpoints

GET/api/search

Search vulnerabilities, exploits, advisories, detection rules, and research across 110 sources.

Parameters

qstringSearch query (required)

limitintResults per page (default 20, max 100)

offsetintPagination offset (default 0)

source_typestringFilter by source type: vulnerability, exploit, detection, advisory, threat_intel, research

rerankboolEnable cross-encoder reranking (default true)

Example

curl -H "Authorization: Bearer cvb_xxx" \
  "https://cvebase.io/api/search?q=log4shell&limit=5"

Response

{
  "query": "log4shell",
  "total": 26,
  "page": 1,
  "pages": 6,
  "elapsed_ms": 97.2,
  "results": [
    {
      "doc_id": "nvd:CVE-2021-44228",
      "source": "nvd",
      "source_type": "vulnerability",
      "title": "CVE-2021-44228: Apache Log4j2 2",
      "cve_ids": ["CVE-2021-44228"],
      "severity": "CRITICAL",
      "cvss_score": 10.0,
      "id_match": true,
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
    }
  ],
  "rate_limit": {"tier": "api_key", "limit": 100, "remaining": 99}
}

GET/api/cve/{cve_id}

Full CVE detail page: overview, enrichment (EPSS, KEV, exploits), affected versions, and all related documents grouped by source type.

Example

curl -H "Authorization: Bearer cvb_xxx" \
  "https://cvebase.io/api/cve/CVE-2021-44228"

Response

{
  "cve_id": "CVE-2021-44228",
  "severity": "CRITICAL",
  "cvss": 10.0,
  "overview": {
    "description": "Apache Log4j2 2.0-beta9 through 2.15.0...",
    "cwes": ["CWE-917"],
    "published_date": "2021-12-10"
  },
  "enrichment": {
    "epss": {"score": 0.976, "percentile": 0.999},
    "kev": {"in_kev": true, "date_added": "2021-12-10"},
    "exploit_available": true,
    "risk_level": "CRITICAL"
  },
  "affected_versions": [...],
  "total_documents": 239,
  "groups": {"exploit": [...], "detection": [...], ...}
}

GET/api/cve/{cve_id}/documents

Paginated documents for a CVE with optional source_type filter. Lighter than the full CVE endpoint.

Parameters

limitintResults per page (default 20, max 100)

offsetintPagination offset (default 0)

source_typestringFilter: exploit, detection, advisory, threat_intel, etc.

Example

curl -H "Authorization: Bearer cvb_xxx" \
  "https://cvebase.io/api/cve/CVE-2021-44228/documents?source_type=exploit&limit=5"

Response

{
  "cve_id": "CVE-2021-44228",
  "total": 49,
  "offset": 0,
  "limit": 5,
  "source_type_counts": {"exploit": 49, "detection": 102, ...},
  "results": [
    {
      "doc_id": "exploitdb:51183",
      "source": "exploitdb",
      "source_type": "exploit",
      "title": "Apache Log4j 2 - Remote Code Execution",
      "cve_ids": ["CVE-2021-44228"],
      "url": "https://www.exploit-db.com/exploits/51183"
    }
  ]
}

POST/api/cve/batch

Batch CVE enrichment. Returns overview, EPSS, KEV status, and affected versions for up to 100 CVEs. No documents — lightweight and fast.

Parameters

cve_idsstring[]Array of CVE IDs (max 100)

Example

curl -X POST -H "Authorization: Bearer cvb_xxx" \
  -H "Content-Type: application/json" \
  -d '{"cve_ids": ["CVE-2021-44228", "CVE-2023-44487", "CVE-2024-3094"]}' \
  "https://cvebase.io/api/cve/batch"

Response

{
  "count": 3,
  "results": [
    {
      "cve_id": "CVE-2021-44228",
      "overview": {"description": "...", "severity": "CRITICAL", "cvss_score": 10.0},
      "enrichment": {"epss": {"score": 0.976}, "kev": {"in_kev": true}, "risk_level": "CRITICAL"},
      "affected_versions": [{"ecosystem": "Maven", "package": "log4j-core", "fixed": "2.16.0"}]
    },
    ...
  ]
}

GET/api/trending

Current trending data: recent CISA KEV additions, top EPSS scores, exploit and in-the-wild counts.

Example

curl -H "Authorization: Bearer cvb_xxx" \
  "https://cvebase.io/api/trending"

Response

{
  "recent_kev": [{"cve_id": "CVE-2025-...", "vendor": "...", "date_added": "2025-04-01"}],
  "top_epss": [{"cve_id": "CVE-2025-...", "score": 0.97, "percentile": 0.99}],
  "total_kev": 1557,
  "exploited_in_wild_count": 1927,
  "exploit_available_count": 6873
}

GET/api/cve/{cve_id}/epss-history

EPSS score history for a specific CVE over time.

Parameters

daysintNumber of days (default 30, max 365)

Example

curl -H "Authorization: Bearer cvb_xxx" \
  "https://cvebase.io/api/cve/CVE-2021-44228/epss-history?days=90"

Response

{
  "cve_id": "CVE-2021-44228",
  "history": [
    {"date": "2026-01-05", "score": 0.976, "percentile": 0.999},
    {"date": "2026-01-06", "score": 0.975, "percentile": 0.999}
  ]
}

Common Workflows

Triage CVEs from a scanner

Send your scan results to the batch endpoint, get back severity, EPSS, KEV status, and fix versions. Sort by risk_level to prioritize.

# 1. Batch enrich CVEs from your scan
curl -X POST -H "Authorization: Bearer cvb_xxx" \
  -H "Content-Type: application/json" \
  -d '{"cve_ids": ["CVE-2021-44228", "CVE-2024-3094", "CVE-2023-44487"]}' \
  "https://cvebase.io/api/cve/batch"

# Returns: severity, EPSS, KEV, risk_level, affected_versions for each

Deep dive on a CVE

Get the overview first, then fetch specific document types — exploits, detection rules, advisories.

# 1. Overview + enrichment + affected versions
curl -H "Authorization: Bearer cvb_xxx" \
  "https://cvebase.io/api/cve/CVE-2021-44228"

# 2. Get exploit code
curl -H "Authorization: Bearer cvb_xxx" \
  "https://cvebase.io/api/cve/CVE-2021-44228/documents?source_type=exploit"

# 3. Get detection rules (Sigma, YARA, Suricata)
curl -H "Authorization: Bearer cvb_xxx" \
  "https://cvebase.io/api/cve/CVE-2021-44228/documents?source_type=detection"

Search across all sources

Semantic search across 1M+ documents. Filter by source type to narrow results.

# Search everything
curl -H "Authorization: Bearer cvb_xxx" \
  "https://cvebase.io/api/search?q=apache+struts+rce"

# Only detection rules
curl -H "Authorization: Bearer cvb_xxx" \
  "https://cvebase.io/api/search?q=log4j&source_type=detection"

Monitor trending threats

Track new CISA KEV additions, EPSS score changes, and exploit availability.

# What's hot today
curl -H "Authorization: Bearer cvb_xxx" \
  "https://cvebase.io/api/trending"

# CVEs with biggest EPSS jumps this week
curl -H "Authorization: Bearer cvb_xxx" \
  "https://cvebase.io/api/trending/epss-movers?days=7"

# Track a specific CVE over time
curl -H "Authorization: Bearer cvb_xxx" \
  "https://cvebase.io/api/cve/CVE-2024-3094/epss-history?days=90"

Source Types

vulnerability

NVD, GHSA, CVE List (vulnerability databases)

exploit

ExploitDB, Metasploit, PoC (exploit code)

detection

Sigma, Nuclei, YARA, Elastic (detection rules)

advisory

Vendor advisories (Microsoft, Cisco, etc.)

threat_intel

Blogs, threat reports, APT analysis

research

Wikipedia, academic, reference material

discussion

Mailing lists, forums, disclosure threads

framework

MITRE ATT&CK techniques