CVEs

Retrieve a CVE by identifier

Provides the most up-to-date data about a CVE.

Authorizations
Path parameters
cve_id (string, required)

The identifier of the CVE to return, in the format CVE-YYYY-######

Example: CVE-2023-49103
Responses
200: successful (application/json)

GET /api/cves/{cve_id} HTTP/1.1
Host: app.empiricalsecurity.com
Authorization: Bearer JWT
Accept: */*
200: successful

{
  "identifier": "CVE-2023-49103",
  "description": "An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo).",
  "cvss": [
    {
      "version": "3.1",
      "score": 10,
      "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "metrics": {
        "attack_vector": "Network",
        "attack_complexity": "Low",
        "privileges_required": "None",
        "user_interaction": "None",
        "scope": "Changed",
        "confidentiality": "High",
        "integrity": "High",
        "availability": "High"
      },
      "sources": [
        "[email protected]",
        "mitre"
      ]
    },
    {
      "version": "3.1",
      "score": 7.5,
      "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "metrics": {
        "attack_vector": "Network",
        "attack_complexity": "Low",
        "privileges_required": "None",
        "user_interaction": "None",
        "scope": "Unchanged",
        "confidentiality": "High",
        "integrity": "None",
        "availability": "None"
      },
      "sources": [
        "[email protected]"
      ]
    }
  ],
  "references": [
    "https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/",
    "https://owncloud.org/security"
  ],
  "has_exploitation_activity": true,
  "exploitation_activity": {
    "0_to_7_days": true,
    "8_to_30_days": true,
    "31_to_90_days": true,
    "91_to_365_days": true,
    "alltime": true
  },
  "tags": {
    "actor": [],
    "actor_action": [],
    "attack_vector": [],
    "component": [
      "mail server credentials",
      "license key",
      "ownCloud admin password"
    ],
    "keywords": [
      "information disclosure",
      "web",
      "configuration"
    ],
    "outcome": [
      "credential disclosure",
      "gather information"
    ],
    "prerequisite": [
      "URL is accessed"
    ],
    "stride": [
      "tampering",
      "information disclosure",
      "denial of service"
    ],
    "weakness": [
      "reveals the configuration details of the PHP environment",
      "exposes various other potentially sensitive configuration details"
    ]
  },
  "cwes": [
    {
      "identifier": "CWE-200",
      "name": "Exposure of Sensitive Information to an Unauthorized Actor",
      "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
      "category_name": "SFP Secondary Cluster: Exposed Data",
      "category_id": "CWE-963"
    }
  ],
  "reserved_at": "2023-11-21T00:00:00.000Z",
  "published_at": "2023-11-21T00:00:00.000Z",
  "last_updated_at": "2025-01-27T22:24:27.772Z",
  "cisa_kev_added_at": "2023-11-30T00:00:00.000Z",
  "shodan_vulnerability_count": null,
  "google_project_zero": {
    "present": false,
    "patched_at": null
  },
  "exploits": {
    "metasploit": [
      {
        "name": "ownCloud Phpinfo Reader",
        "fullname": "auxiliary/gather/owncloud_phpinfo_reader",
        "description": "Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app `graph` installed\n          contain a test file which prints `phpinfo()` to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter.\n          Docker may export sensitive environment variables including ownCloud, DB, redis, SMTP, and S3 credentials, as well as other host information.",
        "disclosure_date": "2023-11-21",
        "mod_time": "2023-12-04T20:09:56.000Z"
      }
    ],
    "exploitdb": [],
    "github": [
      {
        "repo": "d0rb/CVE-2023-49103",
        "prediction": 0.8660581707954407,
        "predicted_at": "2025-03-10T16:40:29.000Z",
        "repo_created_at": "2025-03-10T20:11:29.004Z"
      }
    ]
  },
  "hackerone_reports_submitted": 4,
  "scores": {
    "global": {
      "score": 0.9713943314711305,
      "percentile": 0.9998484036161284,
      "computed_at": "2025-03-16T07:27:24.000Z"
    },
    "epss_v3": {
      "score": 0.92099,
      "percentile": 0.99238,
      "computed_at": "2025-03-16T15:46:16.000Z"
    },
    "epss_v4": {
      "score": 0.9091291982186883,
      "percentile": 0.996181146025878,
      "computed_at": "2025-03-16T18:47:04.000Z"
    }
  },
  "platforms": [
    {
      "product": "product",
      "vendor": "vendor"
    }
  ]
}

Retrieve historical scores by CVE identifier

Retrieve the entire score history for the CVE. Supported scoring_model values are global, epss_v3, epss_v4 and all. Note that EPSS customers cannot request global scores.

Authorizations
Path parameters
cve_id (string, required)

The identifier of the CVE to return, in the format CVE-YYYY-######

Example: CVE-2023-49103
Query parameters
scoring_model (string, required)

The scoring model to retrieve historical scores for.

Example: epss_v3, epss_v4, global, all
Responses
200: successful (application/json)

GET /api/cves/{cve_id}/score_history HTTP/1.1
Host: app.empiricalsecurity.com
Authorization: Bearer JWT
Accept: */*
{
  "identifier": "CVE-2023-49103",
  "scores": {
    "epss_v4": [
      {
        "percentile": 0.996181146025878,
        "score": 0.9091291982186883,
        "computed_at": "2025-03-16T18:47:04.000Z"
      },
      {
        "percentile": 0.966181146025878,
        "score": 0.8991291982186883,
        "computed_at": "2025-03-16T18:46:04.000Z"
      }
    ]
  }
}

Retrieve changes to a CVE by identifier

Provides the entire change history of a CVE.

Authorizations
Path parameters
cve_id (string, required)

The identifier of the CVE to return, in the format CVE-YYYY-######

Example: CVE-2023-49103
Responses
200: successful (application/json)

GET /api/cves/{cve_id}/history HTTP/1.1
Host: app.empiricalsecurity.com
Authorization: Bearer JWT
Accept: */*
200: successful

[
  {
    "data": {
      "identifier": "CVE-2023-49103",
      "description": "An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo).",
      "cvss": [
        {
          "version": "3.1",
          "score": 10,
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "metrics": {
            "attack_vector": "Network",
            "attack_complexity": "Low",
            "privileges_required": "None",
            "user_interaction": "None",
            "scope": "Changed",
            "confidentiality": "High",
            "integrity": "High",
            "availability": "High"
          },
          "sources": [
            "[email protected]",
            "mitre"
          ]
        },
        {
          "version": "3.1",
          "score": 7.5,
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "metrics": {
            "attack_vector": "Network",
            "attack_complexity": "Low",
            "privileges_required": "None",
            "user_interaction": "None",
            "scope": "Unchanged",
            "confidentiality": "High",
            "integrity": "None",
            "availability": "None"
          },
          "sources": [
            "[email protected]"
          ]
        }
      ],
      "references": [
        "https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/",
        "https://owncloud.org/security"
      ],
      "has_exploitation_activity": true,
      "exploitation_activity": {
        "0_to_7_days": true,
        "8_to_30_days": true,
        "31_to_90_days": true,
        "91_to_365_days": true,
        "alltime": true
      },
      "tags": {
        "actor": [],
        "actor_action": [],
        "attack_vector": [],
        "component": [
          "mail server credentials",
          "license key",
          "ownCloud admin password"
        ],
        "keywords": [
          "information disclosure",
          "web",
          "configuration"
        ],
        "outcome": [
          "credential disclosure",
          "gather information"
        ],
        "prerequisite": [
          "URL is accessed"
        ],
        "stride": [
          "tampering",
          "information disclosure",
          "denial of service"
        ],
        "weakness": [
          "reveals the configuration details of the PHP environment",
          "exposes various other potentially sensitive configuration details"
        ]
      },
      "cwes": [
        {
          "identifier": "CWE-200",
          "name": "Exposure of Sensitive Information to an Unauthorized Actor",
          "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
          "category_name": "SFP Secondary Cluster: Exposed Data",
          "category_id": "CWE-963"
        }
      ],
      "reserved_at": "2023-11-21T00:00:00.000Z",
      "published_at": "2023-11-21T00:00:00.000Z",
      "last_updated_at": "2025-01-27T22:24:27.772Z",
      "cisa_kev_added_at": "2023-11-30T00:00:00.000Z",
      "shodan_vulnerability_count": null,
      "google_project_zero": {
        "present": false,
        "patched_at": null
      },
      "exploits": {
        "metasploit": [
          {
            "name": "ownCloud Phpinfo Reader",
            "fullname": "auxiliary/gather/owncloud_phpinfo_reader",
            "description": "Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app `graph` installed\n          contain a test file which prints `phpinfo()` to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter.\n          Docker may export sensitive environment variables including ownCloud, DB, redis, SMTP, and S3 credentials, as well as other host information.",
            "disclosure_date": "2023-11-21",
            "mod_time": "2023-12-04T20:09:56.000Z"
          }
        ],
        "exploitdb": [],
        "github": [
          {
            "repo": "d0rb/CVE-2023-49103",
            "prediction": 0.8660581707954407,
            "predicted_at": "2025-03-10T16:40:29.000Z",
            "repo_created_at": "2025-03-10T20:11:29.004Z"
          }
        ]
      },
      "hackerone_reports_submitted": 4,
      "scores": {
        "global": {
          "score": 0.9713943314711305,
          "percentile": 0.9998484036161284,
          "computed_at": "2025-03-16T07:27:24.000Z"
        },
        "epss_v3": {
          "score": 0.92099,
          "percentile": 0.99238,
          "computed_at": "2025-03-16T15:46:16.000Z"
        },
        "epss_v4": {
          "score": 0.9091291982186883,
          "percentile": 0.996181146025878,
          "computed_at": "2025-03-16T18:47:04.000Z"
        }
      },
      "platforms": [
        {
          "product": "product",
          "vendor": "vendor"
        }
      ]
    },
    "diff": {
      "cvss": {
        "old": [
          {
            "version": "3.1",
            "score": 10,
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "metrics": {
              "attack_vector": "Network",
              "attack_complexity": "Low",
              "privileges_required": "None",
              "user_interaction": "None",
              "scope": "Changed",
              "confidentiality": "High",
              "integrity": "High",
              "availability": "High"
            },
            "sources": [
              "[email protected]",
              "mitre"
            ]
          }
        ],
        "new": [
          {
            "version": "3.1",
            "score": 10,
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "metrics": {
              "attack_vector": "Network",
              "attack_complexity": "Low",
              "privileges_required": "None",
              "user_interaction": "None",
              "scope": "Changed",
              "confidentiality": "High",
              "integrity": "High",
              "availability": "High"
            },
            "sources": [
              "[email protected]",
              "mitre"
            ]
          },
          {
            "version": "3.1",
            "score": 7.5,
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "attack_vector": "Network",
              "attack_complexity": "Low",
              "privileges_required": "None",
              "user_interaction": "None",
              "scope": "Unchanged",
              "confidentiality": "High",
              "integrity": "None",
              "availability": "None"
            },
            "sources": [
              "[email protected]"
            ]
          }
        ]
      },
      "scores": {
        "old": {
          "global": {
            "score": 0.9137943314711305,
            "percentile": 0.9798484036161283,
            "computed_at": "2025-03-16T07:27:24.000Z"
          },
          "epss_v3": {
            "score": 0.90299,
            "percentile": 0.92938,
            "computed_at": "2025-03-16T15:46:16.000Z"
          },
          "epss_v4": {
            "score": 0.8991291982186883,
            "percentile": 0.966181146025878,
            "computed_at": "2025-03-16T18:46:04.000Z"
          }
        },
        "new": {
          "global": {
            "score": 0.9713943314711305,
            "percentile": 0.9998484036161284,
            "computed_at": "2025-03-16T07:27:24.000Z"
          },
          "epss_v3": {
            "score": 0.92099,
            "percentile": 0.99238,
            "computed_at": "2025-03-16T15:46:16.000Z"
          },
          "epss_v4": {
            "score": 0.9091291982186883,
            "percentile": 0.996181146025878,
            "computed_at": "2025-03-16T18:47:04.000Z"
          }
        }
      }
    },
    "generated_at": "2025-04-02T21:20:15.366Z"
  }
]
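
An added example, not part of the original API documentation: one way to turn a single element of the /history array into an alertable summary (CVSS assessments that appeared or disappeared, and score movement per model). It assumes that a field absent from "diff" did not change; summarize_change and the trimmed SAMPLE_ENTRY are constructed for illustration.

```python
def summarize_change(entry):
    """Summarise one element of the /history array from its "diff" object."""
    diff = entry.get("diff") or {}
    out = {"generated_at": entry.get("generated_at"),
           "cvss_added": [], "cvss_removed": [], "score_deltas": {}}

    cvss = diff.get("cvss") or {}
    # Identify an assessment by (version, vector); list order is not relied on.
    old = {(c["version"], c["vector"]) for c in cvss.get("old") or []}
    new = {(c["version"], c["vector"]) for c in cvss.get("new") or []}
    out["cvss_added"] = sorted(v for _, v in new - old)
    out["cvss_removed"] = sorted(v for _, v in old - new)

    scores = diff.get("scores") or {}
    before, after = scores.get("old") or {}, scores.get("new") or {}
    for model in sorted(set(before) | set(after)):
        b = (before.get(model) or {}).get("score")
        a = (after.get(model) or {}).get("score")
        # Only report a delta when both sides carry a score and it moved.
        if a is not None and b is not None and a != b:
            out["score_deltas"][model] = round(a - b, 6)
    return out

# Constructed sample: one history element trimmed to the fields used here,
# with values copied from the example response above.
V_OLD = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
V_NEW = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
SAMPLE_ENTRY = {
    "generated_at": "2025-04-02T21:20:15.366Z",
    "diff": {
        "cvss": {"old": [{"version": "3.1", "vector": V_OLD}],
                 "new": [{"version": "3.1", "vector": V_OLD},
                         {"version": "3.1", "vector": V_NEW}]},
        "scores": {"old": {"global": {"score": 0.9137943314711305},
                           "epss_v4": {"score": 0.8991291982186883}},
                   "new": {"global": {"score": 0.9713943314711305},
                           "epss_v4": {"score": 0.9091291982186883}}},
    },
}

if __name__ == "__main__":
    print(summarize_change(SAMPLE_ENTRY))
```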

Retrieve all CVE data as a .jsonl.gz file

Provides a redirect which should be followed to obtain the latest CVE data file. The data is returned as a gzipped JSON Lines (.jsonl) file containing data for all CVEs we have in our system. If a file is unavailable, a 202 Accepted is returned while the file is generated, and this endpoint should be polled periodically. Once a file is available, a 302 Found is issued with a redirect location from which to fetch the file.

Authorizations
Responses
202: accepted

GET /api/cves/all HTTP/1.1
Host: app.empiricalsecurity.com
Authorization: Bearer JWT
Accept: */*

No content
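
An added example, not part of the original API documentation: the 202/302 polling loop described above, followed by streaming the gzipped JSON Lines file and picking out records that need attention. Assumptions: fetch is a caller-supplied function that sends GET /api/cves/all without following redirects and returns (status, headers); each line of the file has the same shape as the single-CVE response; the 0.5 EPSS cut-off, the HTTPS check and the sample records are constructed for illustration.

```python
import gzip, io, json, time
from urllib.parse import urlsplit

def wait_for_export(fetch, attempts=20, delay=30.0, sleep=time.sleep):
    """Poll until the endpoint answers 302 Found; return the Location URL."""
    for _ in range(attempts):
        status, headers = fetch()
        if status == 302:
            location = headers.get("Location", "")
            if urlsplit(location).scheme != "https":
                raise ValueError(f"refusing non-HTTPS redirect: {location!r}")
            return location
        if status != 202:  # anything other than "still generating" is an error
            raise RuntimeError(f"unexpected status {status}")
        sleep(delay)
    raise TimeoutError("export file was not ready in time")

def iter_cves(gz_bytes):
    """Yield one CVE record per non-empty line of the gzipped JSON Lines file."""
    with gzip.open(io.BytesIO(gz_bytes), "rt", encoding="utf-8") as lines:
        for line in lines:
            if line.strip():
                yield json.loads(line)

def urgent(record, min_epss=0.5):
    """True for KEV-listed CVEs, or recent activity plus a high EPSS v4 score."""
    if record.get("cisa_kev_added_at"):
        return True
    recent = (record.get("exploitation_activity") or {}).get("0_to_7_days", False)
    epss = ((record.get("scores") or {}).get("epss_v4") or {}).get("score") or 0.0
    return bool(recent) and epss >= min_epss

# Constructed sample data: two records trimmed to the fields used by urgent().
SAMPLE = [
    {"identifier": "CVE-2023-49103", "cisa_kev_added_at": "2023-11-30T00:00:00.000Z",
     "exploitation_activity": {"0_to_7_days": True},
     "scores": {"epss_v4": {"score": 0.9091291982186883}}},
    {"identifier": "CVE-0000-00000", "cisa_kev_added_at": None,
     "exploitation_activity": {"0_to_7_days": False}, "scores": {"epss_v4": None}},
]
SAMPLE_GZ = gzip.compress("\n".join(json.dumps(r) for r in SAMPLE).encode())

def demo():
    """Simulate two 202 replies and a 302, then triage the sample file."""
    location = "https://files.example/cves.jsonl.gz"  # constructed URL
    replies = iter([(202, {}), (202, {}), (302, {"Location": location})])
    url = wait_for_export(lambda: next(replies), sleep=lambda s: None)
    return url, [r["identifier"] for r in iter_cves(SAMPLE_GZ) if urgent(r)]
```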

Retrieve all malware hashes associated with the CVE identifier

Provides all malware hashes associated with the given CVE identifier.

Authorizations
Path parameters
cve_id (string, required)

The identifier of the CVE to return, in the format CVE-YYYY-######

Example: CVE-2023-49103
Responses
200: successful (application/json)

GET /api/cves/{cve_id}/malware HTTP/1.1
Host: app.empiricalsecurity.com
Authorization: Bearer JWT
Accept: */*
200: successful

[
  {
    "md5": "161bc25962da8fed6d2f59922fb642aa",
    "sha1": "6e71b3cac15d32fe2d36c270887df9479c25c640",
    "sha256": "12998c017066eb0d2a70b94e6ed3192985855ce390f321bbdb832022888bd251"
  },
  {
    "md5": "09edade86566ee60e5cdd8c0edbc2b5a",
    "sha1": "35b03d1adda20ff42f78b2aaebd106c847f97a81",
    "sha256": "354cacb2d2c45cb28af92ca348ea3a2236ecc48c81c78e0924bf46bd68d9c407"
  }
]
