oanor
Sign up free
Marketplace Pricing Features Sign in

API · /cve-api

CVE Vulnerability API

healthy 4,918 Subscribers

Look up software vulnerabilities by their CVE identifier and get clean, structured details — title, description, CVSS score, severity and vector, CWE weakness types, affected vendors and products with version ranges, and reference links — plus search every CVE that affects a given vendor or product, and stream the most recently published CVEs. Sourced from the CIRCL CVE Search service over the official CVE Record 5.1 data and returned as tidy JSON through a fast, reliable API. Ideal for vulnerability management and SOC tooling, DevSecOps and SCA pipelines, security dashboards, compliance and asset-risk monitoring.

#cve #vulnerability #security #cvss #infosec #data
api.oanor.com/cve-api
Get an API key Try in playground → Contact provider

Machine-readable spec so AI agents can integrate this API.

/api/cve-api/openapi.json
/api/cve-api/llms.txt

Discovery: GET /api/index.json lists every API.

API health

healthy
Uptime
100.00%
Server probes · 24h
Avg latency
176 ms
Server probes · 24h
Subscribers
4,918
active
Total calls
12
last 7 days
status Full status page → · 12 probes/24h

Pricing

Pick a tier — billed monthly, cancel anytime.

Free

Free

  • 1,500 calls / month
  • 1 requests / second
  • Hard cap (429 above quota, no overage)
  • 1,500 requests/month, 1 req/s
  • CVE lookup, search & recent
  • CVSS, CWE & affected products
  • No credit card
Sign in to subscribe

Basic

€4.00 /month

  • 25,000 calls / month
  • 5 requests / second
  • Hard cap (429 above quota, no overage)
  • 25,000 requests/month, 5 req/s
  • Vendor/product search
  • Severity, vector & references
  • Commercial use, email support
Sign in to subscribe

Pro

€16.00 /month

  • 150,000 calls / month
  • 15 requests / second
  • Hard cap (429 above quota, no overage)
  • 150,000 requests/month, 15 req/s
  • High-volume vuln management
  • DevSecOps & SCA pipelines
  • Priority email support
Sign in to subscribe

Mega

€40.00 /month

  • 600,000 calls / month
  • 40 requests / second
  • Hard cap (429 above quota, no overage)
  • 600,000 requests/month, 40 req/s
  • SOC & security-platform scale
  • Maximum concurrency
  • Priority support
Sign in to subscribe

Built by

P
PremiumApi

Related APIs

Other APIs with overlapping tags.

Bcrypt API

Hash and verify passwords with bcrypt, server-side. Generate a salted bcrypt hash at a cost factor you choose (4–14), check a plaintext password against an existing hash, or inspect a hash to read its bcrypt version, cost factor and salt. Fully compatible with bcrypt hashes from PHP ($2y$), Node, Python and others, so you can verify and migrate existing credentials. Pure server-side computation with no third-party upstream, so it is always available — and it offloads the deliberately CPU-intensive hashing work from your own servers. Ideal for adding password authentication, credential migration, auth tooling, testing and no-code backends.

api.oanor.com/bcrypt-api

TOTP / 2FA API

Add and test two-factor authentication without wrangling a crypto library. Generate a fresh base32 secret with a ready-to-scan otpauth URI, compute the current time-based one-time code (RFC 6238), verify a code submitted by a user with an adjustable drift window, or build an otpauth:// URI for any secret. Supports SHA-1, SHA-256 and SHA-512, 6 to 8 digits and a custom period, and is fully compatible with Google Authenticator, Authy, 1Password and other authenticator apps. Pure server-side computation with no third-party upstream, so responses are instant and the service is always available. Ideal for adding 2FA to apps, authentication tooling, QA and testing, and no-code automation.

api.oanor.com/totp-api

JWT API

A fast, fully-local JSON Web Token toolkit: sign a JSON payload into a JWT, verify a token signature together with its exp and nbf claims using a constant-time comparison, and decode a token header and payload without verifying. Supports the HMAC algorithms HS256, HS384 and HS512, automatically adds the iat claim and an exp claim from expires_in. Built on Node crypto and secrets are never logged, so responses are instant, private and always available. Every endpoint accepts input via the query string or the request body. Ideal for authentication, API gateways, session and token tooling, microservices and webhooks.

api.oanor.com/jwt-api

MIME API

A fast, fully-local MIME and file-type toolkit: look up the MIME type, charset and category for a filename or extension, list every file extension registered for a MIME type, and detect a file's real type from its leading magic bytes (over 40 signatures, including RIFF container disambiguation for WEBP, WAV and AVI), accepting hex or base64 input. Every endpoint accepts input via the query string or the request body. Pure server-side compute, no third-party upstream, so responses are instant and always available. Ideal for upload validation, security (verify a file's real type against its claimed extension), CDNs and content pipelines.

api.oanor.com/mime-api

Frequently asked questions

Quick answers about pricing, quotas, and integration.

How do I get an API key for CVE Vulnerability API?
Sign up for free at oanor.com, generate an API key from the developer dashboard, and call CVE Vulnerability API with the x-oanor-key header. No credit card needed for the free tier.
What's the rate limit for CVE Vulnerability API?
Free tier allows 1 request per second. Paid plans scale up to 50 requests per second on the Mega tier. Hard limits return HTTP 429 above the quota — no surprise overage charges.
How much does CVE Vulnerability API cost?
CVE Vulnerability API has a free tier with 100 calls / month. Paid plans start at €4.00 / month with higher quotas and faster rate limits.
Can I cancel my subscription anytime?
Yes. Plans are billed monthly and you can cancel anytime from your billing dashboard. No long-term contracts and no cancellation fee.
Is CVE Vulnerability API GDPR-compliant?
All requests to CVE Vulnerability API go through our EU-based gateway. Your upstream API key never leaves our server and no personal data is shared with the upstream provider beyond the request you send.

Pick an endpoint from the list on the left to see its details and try it.

Code snippets

Sign up to get an API key, then call any path under your slug.

curl https://api.oanor.com/cve-api/SOME_PATH \
  -H "x-oanor-key: oanor_test_..."
const res = await fetch("https://api.oanor.com/cve-api/SOME_PATH", {
  headers: { "x-oanor-key": "oanor_test_..." }
});
const data = await res.json();
$ch = curl_init("https://api.oanor.com/cve-api/SOME_PATH");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, ["x-oanor-key: oanor_test_..."]);
$response = curl_exec($ch);
import requests
r = requests.get(
    "https://api.oanor.com/cve-api/SOME_PATH",
    headers={"x-oanor-key": "oanor_test_..."},
)
print(r.json())

Ratings

Sign in to rate.

No reviews yet.

Discussion

Ask questions, share usage tips, get answers from the provider and other developers. Public — anyone can read.

Sign in to start a thread or reply.

Sign in

New thread

/ 4000

📌 Pinned 🔒 Locked

·

· ·

/ 4000

🔒 This thread is locked — no new replies.

  • No threads yet — start the discussion.

Support

Private 1:1 support with the provider — billing questions, integration issues, account problems. Only you and the provider team can see these threads.

Sign in to open a support ticket.

Sign in

Open new ticket

Describe what you need help with. The provider team gets an email and replies on the ticket page.

  • No tickets yet for this API.

Subscription active — calls can start immediately.

Send your first request —

Subscription active — copy a snippet and fire off your first call.