#vulnerabilities

See what any host exposes to the internet — as an API over Shodan's free InternetDB. Give it an IPv4/IPv6 address (or a hostname, which is resolved to its IP) and get that host's attack surface: the open ports (annotated with common service names), the products and technologies detected on it (CPEs), its reverse hostnames, Shodan's classification tags, and the known vulnerabilities (CVE identifiers) observed on its services. A dedicated vulnerabilities view returns just the CVEs and whether the host appears vulnerable. It is fast, requires no key, and is built for security, asset-discovery, external attack-surface monitoring and reconnaissance workflows. A network-exposure / attack-surface resource — distinct from IP geolocation (where an address is), the IANA port registry (what a port number means) and CVE databases (what a vulnerability is). Data from Shodan InternetDB (free / non-commercial use).

api.oanor.com/internetdb-api

The Open Source Vulnerabilities database (OSV / osv.dev) as an API — the supply-chain security check for open-source dependencies. Scan any package version (PyPI, npm, Go, crates.io, Maven, NuGet, RubyGems, Packagist, Hex and more) and instantly learn whether it is affected by known vulnerabilities, with each advisory's severity, CVSS score, CVE aliases, CWE weakness and references; list every advisory ever published for a package; and look up a single advisory (GHSA, PYSEC, GO, RUSTSEC, CVE…) in full detail, including the affected packages and version ranges. Live from Google's official OSV.dev database, which aggregates GitHub Security Advisories, PyPA, RustSec, Go and many other sources. Ideal for dependency scanning, SBOM and supply-chain tooling, CI security gates and devsecops dashboards. Open data.

api.oanor.com/osv-api