CVEs

Retrieve a CVE by identifier

get

Provides the most up-to-date data about a CVE.

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

cve_idstringRequired

The identifier of the CVE to return, in the format CVE-YYYY-######

Example: CVE-2023-49103

Responses

200

successful

application/json

get

/api/cves/{cve_id}

GET /api/cves/{cve_id} HTTP/1.1
Host: app.empiricalsecurity.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

200

successful

{
  "identifier": "CVE-2023-49103",
  "description": "An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo).",
  "cvss": [
    {
      "version": "3.1",
      "score": 10,
      "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "metrics": {
        "attack_vector": "Network",
        "attack_complexity": "Low",
        "privileges_required": "None",
        "user_interaction": "None",
        "scope": "Changed",
        "confidentiality": "High",
        "integrity": "High",
        "availability": "High"
      },
      "sources": [
        "[email protected]",
        "mitre"
      ]
    },
    {
      "version": "3.1",
      "score": 7.5,
      "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "metrics": {
        "attack_vector": "Network",
        "attack_complexity": "Low",
        "privileges_required": "None",
        "user_interaction": "None",
        "scope": "Unchanged",
        "confidentiality": "High",
        "integrity": "None",
        "availability": "None"
      },
      "sources": [
        "[email protected]"
      ]
    }
  ],
  "references": [
    "https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/",
    "https://owncloud.org/security"
  ],
  "has_exploitation_activity": true,
  "exploitation_activity": {
    "0_to_7_days": true,
    "8_to_30_days": true,
    "31_to_90_days": true,
    "91_to_365_days": true,
    "alltime": true
  },
  "tags": {
    "actor": [],
    "actor_action": [],
    "attack_vector": [],
    "component": [
      "mail server credentials",
      "license key",
      "ownCloud admin password"
    ],
    "keywords": [
      "information disclosure",
      "web",
      "configuration"
    ],
    "outcome": [
      "credential disclosure",
      "gather information"
    ],
    "prerequisite": [
      "URL is accessed"
    ],
    "stride": [
      "tampering",
      "information disclosure",
      "denial of service"
    ],
    "weakness": [
      "reveals the configuration details of the PHP environment",
      "exposes various other potentially sensitive configuration details"
    ]
  },
  "cwes": [
    {
      "identifier": "CWE-200",
      "name": "Exposure of Sensitive Information to an Unauthorized Actor",
      "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
      "category_name": "SFP Secondary Cluster: Exposed Data",
      "category_id": "CWE-963"
    }
  ],
  "reserved_at": "2023-11-21T00:00:00.000Z",
  "published_at": "2023-11-21T00:00:00.000Z",
  "last_updated_at": "2025-01-27T22:24:27.772Z",
  "cisa_kev_added_at": "2023-11-30T00:00:00.000Z",
  "shodan_vulnerability_count": null,
  "google_project_zero": {
    "present": false,
    "patched_at": null
  },
  "exploits": {
    "metasploit": [
      {
        "name": "ownCloud Phpinfo Reader",
        "fullname": "auxiliary/gather/owncloud_phpinfo_reader",
        "description": "Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app `graph` installed\n          contain a test file which prints `phpinfo()` to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter.\n          Docker may export sensitive environment variables including ownCloud, DB, redis, SMTP, and S3 credentials, as well as other host information.",
        "disclosure_date": "2023-11-21",
        "mod_time": "2023-12-04T20:09:56.000Z",
        "url": "https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/gather/owncloud_phpinfo_reader.rb"
      }
    ],
    "exploitdb": [],
    "github": [
      {
        "repo": "d0rb/CVE-2023-49103",
        "prediction": 0.8660581707954407,
        "predicted_at": "2025-03-10T16:40:29.000Z",
        "repo_created_at": "2025-03-10T20:11:29.004Z",
        "url": "https://github.com/d0rb/CVE-2023-49103"
      }
    ]
  },
  "hackerone_reports_submitted": 4,
  "scores": {
    "global": {
      "score": 0.9713943314711305,
      "percentile": 0.9998484036161284,
      "computed_at": "2025-03-16T07:27:24.000Z"
    },
    "epss_v3": {
      "score": 0.92099,
      "percentile": 0.99238,
      "computed_at": "2025-03-16T15:46:16.000Z"
    },
    "epss_v4": {
      "score": 0.9091291982186883,
      "percentile": 0.996181146025878,
      "computed_at": "2025-03-16T18:47:04.000Z"
    }
  },
  "platforms": [
    {
      "product": "product",
      "vendor": "vendor"
    }
  ],
  "most_recent_exploitation_activity_date": "2025-07-20",
  "exploitation_activity_source_count": 1,
  "replacement_cve": null
}

Retrieve historical scores by CVE identifier

get

Retrieve the entire score history for the CVE. Supported scoring_model values are global epss_v3 epss_v4 all. Note that EPSS customers cannot request global scores.

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

cve_idstringRequired

The identifier of the CVE to return, in the format CVE-YYYY-######

Example: CVE-2023-49103

Query parameters

scoring_modelstringRequired

The scoring model to retrieve historical scores for.

Example: epss_v4

Responses

200

successful

application/json

400

bad request

application/json

403

forbidden

application/json

get

/api/cves/{cve_id}/score_history

GET /api/cves/{cve_id}/score_history?scoring_model=text HTTP/1.1
Host: app.empiricalsecurity.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "identifier": "CVE-2023-49103",
  "scores": {
    "epss_v4": [
      {
        "percentile": 0.996181146025878,
        "score": 0.9091291982186883,
        "computed_at": "2025-03-16T18:47:04.000Z"
      },
      {
        "percentile": 0.966181146025878,
        "score": 0.8991291982186883,
        "computed_at": "2025-03-16T18:46:04.000Z"
      }
    ]
  }
}

Retrieve changes to a CVE by identifier

get

Provides the entire change history of a CVE.

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

cve_idstringRequired

The identifier of the CVE to return, in the format CVE-YYYY-######

Example: CVE-2023-49103

Header parameters

acceptstringOptional

JSON is the default response type. If JSON Lines is preferable, set this header to application/jsonl.

Example: application/jsonl

Responses

200

successful

application/json

get

/api/cves/{cve_id}/history

GET /api/cves/{cve_id}/history HTTP/1.1
Host: app.empiricalsecurity.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

200

successful

[
  {
    "data": {
      "identifier": "CVE-2023-49103",
      "description": "An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo).",
      "cvss": [
        {
          "version": "3.1",
          "score": 10,
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "metrics": {
            "attack_vector": "Network",
            "attack_complexity": "Low",
            "privileges_required": "None",
            "user_interaction": "None",
            "scope": "Changed",
            "confidentiality": "High",
            "integrity": "High",
            "availability": "High"
          },
          "sources": [
            "[email protected]",
            "mitre"
          ]
        },
        {
          "version": "3.1",
          "score": 7.5,
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "metrics": {
            "attack_vector": "Network",
            "attack_complexity": "Low",
            "privileges_required": "None",
            "user_interaction": "None",
            "scope": "Unchanged",
            "confidentiality": "High",
            "integrity": "None",
            "availability": "None"
          },
          "sources": [
            "[email protected]"
          ]
        }
      ],
      "references": [
        "https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/",
        "https://owncloud.org/security"
      ],
      "has_exploitation_activity": true,
      "exploitation_activity": {
        "0_to_7_days": true,
        "8_to_30_days": true,
        "31_to_90_days": true,
        "91_to_365_days": true,
        "alltime": true
      },
      "tags": {
        "actor": [],
        "actor_action": [],
        "attack_vector": [],
        "component": [
          "mail server credentials",
          "license key",
          "ownCloud admin password"
        ],
        "keywords": [
          "information disclosure",
          "web",
          "configuration"
        ],
        "outcome": [
          "credential disclosure",
          "gather information"
        ],
        "prerequisite": [
          "URL is accessed"
        ],
        "stride": [
          "tampering",
          "information disclosure",
          "denial of service"
        ],
        "weakness": [
          "reveals the configuration details of the PHP environment",
          "exposes various other potentially sensitive configuration details"
        ]
      },
      "cwes": [
        {
          "identifier": "CWE-200",
          "name": "Exposure of Sensitive Information to an Unauthorized Actor",
          "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
          "category_name": "SFP Secondary Cluster: Exposed Data",
          "category_id": "CWE-963"
        }
      ],
      "reserved_at": "2023-11-21T00:00:00.000Z",
      "published_at": "2023-11-21T00:00:00.000Z",
      "last_updated_at": "2025-01-27T22:24:27.772Z",
      "cisa_kev_added_at": "2023-11-30T00:00:00.000Z",
      "shodan_vulnerability_count": null,
      "google_project_zero": {
        "present": false,
        "patched_at": null
      },
      "exploits": {
        "metasploit": [
          {
            "name": "ownCloud Phpinfo Reader",
            "fullname": "auxiliary/gather/owncloud_phpinfo_reader",
            "description": "Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app `graph` installed\n          contain a test file which prints `phpinfo()` to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter.\n          Docker may export sensitive environment variables including ownCloud, DB, redis, SMTP, and S3 credentials, as well as other host information.",
            "disclosure_date": "2023-11-21",
            "mod_time": "2023-12-04T20:09:56.000Z",
            "url": "https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/gather/owncloud_phpinfo_reader.rb"
          }
        ],
        "exploitdb": [],
        "github": [
          {
            "repo": "d0rb/CVE-2023-49103",
            "prediction": 0.8660581707954407,
            "predicted_at": "2025-03-10T16:40:29.000Z",
            "repo_created_at": "2025-03-10T20:11:29.004Z",
            "url": "https://github.com/d0rb/CVE-2023-49103"
          }
        ]
      },
      "hackerone_reports_submitted": 4,
      "scores": {
        "global": {
          "score": 0.9713943314711305,
          "percentile": 0.9998484036161284,
          "computed_at": "2025-03-16T07:27:24.000Z"
        },
        "epss_v3": {
          "score": 0.92099,
          "percentile": 0.99238,
          "computed_at": "2025-03-16T15:46:16.000Z"
        },
        "epss_v4": {
          "score": 0.9091291982186883,
          "percentile": 0.996181146025878,
          "computed_at": "2025-03-16T18:47:04.000Z"
        }
      },
      "platforms": [
        {
          "product": "product",
          "vendor": "vendor"
        }
      ],
      "most_recent_exploitation_activity_date": "2025-07-20",
      "exploitation_activity_source_count": 1,
      "replacement_cve": null
    },
    "diff": {
      "cvss": {
        "old": [
          {
            "version": "3.1",
            "score": 10,
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "metrics": {
              "attack_vector": "Network",
              "attack_complexity": "Low",
              "privileges_required": "None",
              "user_interaction": "None",
              "scope": "Changed",
              "confidentiality": "High",
              "integrity": "High",
              "availability": "High"
            },
            "sources": [
              "[email protected]",
              "mitre"
            ]
          }
        ],
        "new": [
          {
            "version": "3.1",
            "score": 10,
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "metrics": {
              "attack_vector": "Network",
              "attack_complexity": "Low",
              "privileges_required": "None",
              "user_interaction": "None",
              "scope": "Changed",
              "confidentiality": "High",
              "integrity": "High",
              "availability": "High"
            },
            "sources": [
              "[email protected]",
              "mitre"
            ]
          },
          {
            "version": "3.1",
            "score": 7.5,
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "attack_vector": "Network",
              "attack_complexity": "Low",
              "privileges_required": "None",
              "user_interaction": "None",
              "scope": "Unchanged",
              "confidentiality": "High",
              "integrity": "None",
              "availability": "None"
            },
            "sources": [
              "[email protected]"
            ]
          }
        ]
      },
      "scores": {
        "old": {
          "global": {
            "score": 0.9137943314711305,
            "percentile": 0.9798484036161283,
            "computed_at": "2025-03-16T07:27:24.000Z"
          },
          "epss_v3": {
            "score": 0.90299,
            "percentile": 0.92938,
            "computed_at": "2025-03-16T15:46:16.000Z"
          },
          "epss_v4": {
            "score": 0.8991291982186883,
            "percentile": 0.966181146025878,
            "computed_at": "2025-03-16T18:46:04.000Z"
          }
        },
        "new": {
          "global": {
            "score": 0.9713943314711305,
            "percentile": 0.9998484036161284,
            "computed_at": "2025-03-16T07:27:24.000Z"
          },
          "epss_v3": {
            "score": 0.92099,
            "percentile": 0.99238,
            "computed_at": "2025-03-16T15:46:16.000Z"
          },
          "epss_v4": {
            "score": 0.9091291982186883,
            "percentile": 0.996181146025878,
            "computed_at": "2025-03-16T18:47:04.000Z"
          }
        }
      }
    },
    "generated_at": "2025-04-02T21:20:15.366Z"
  }
]

Retrieve all CVE data as a .jsonl.gz file

get

Provides a redirect which should be followed to obtain the latest CVE data file. The data is returned as a gzipped jsonl (JSON Lines) formatted file containing data for all CVEs we have in our system. If a file is unavailable a 202 Accepted is returned while the file is generated, and this endpoint should be periodically polled. If/when a file is available a 302 Found is issued with a redirect location to fetch the file.

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Responses

202

accepted

302

redirect

get

/api/cves/all

GET /api/cves/all HTTP/1.1
Host: app.empiricalsecurity.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

No content

Retrieve all malware hashes associated with the CVE identifier

get

Provides all malware hashes associated with the given CVE identifier

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

cve_idstringRequired

The identifier of the CVE to return, in the format CVE-YYYY-######

Example: CVE-2023-49103

Header parameters

acceptstringOptional

JSON is the default response type. If JSON Lines is preferable, set this header to application/jsonl.

Example: application/jsonl

Responses

200

successful

application/json

get

/api/cves/{cve_id}/malware

GET /api/cves/{cve_id}/malware HTTP/1.1
Host: app.empiricalsecurity.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

200

successful

[
  {
    "md5": "161bc25962da8fed6d2f59922fb642aa",
    "sha1": "6e71b3cac15d32fe2d36c270887df9479c25c640",
    "sha256": "12998c017066eb0d2a70b94e6ed3192985855ce390f321bbdb832022888bd251"
  },
  {
    "md5": "09edade86566ee60e5cdd8c0edbc2b5a",
    "sha1": "35b03d1adda20ff42f78b2aaebd106c847f97a81",
    "sha256": "354cacb2d2c45cb28af92ca348ea3a2236ecc48c81c78e0924bf46bd68d9c407"
  }
]

PreviousLegacy - Exploit Intelligence Service NextSearch

Last updated 6 months ago

Was this helpful?