Search

Search queries are submitted using Empirical's search syntax.

Retrieve CVEs for a specified query

get

Execute a search query. This query uses Empirical's search syntax and the query portion should be URL-encoded. For example, cURL users can specify -G --data-urlencode "q=score:>90" as part of their command to correctly encode and append the search query.

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Query parameters

qstringOptional

The query to execute, using Empirical search syntax

Example: score:>90 vendor:microsoft exp_activity:true

scoring_modelstringOptional

The key of the scoring/model to use for the search (e.g., epss_v4, global, etc.)

Header parameters

acceptstringOptional

JSON is the default response type. If JSON Lines is preferable, set this header to application/jsonl.

Example: application/jsonl

Responses

200

successful

application/json

get

/api/search

GET /api/search HTTP/1.1
Host: app.empiricalsecurity.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

200

successful

[
  {
    "identifier": "CVE-2023-49103",
    "description": "An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo).",
    "cvss": [
      {
        "version": "3.1",
        "score": 10,
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "metrics": {
          "attack_vector": "Network",
          "attack_complexity": "Low",
          "privileges_required": "None",
          "user_interaction": "None",
          "scope": "Changed",
          "confidentiality": "High",
          "integrity": "High",
          "availability": "High"
        },
        "sources": [
          "[email protected]",
          "mitre"
        ]
      },
      {
        "version": "3.1",
        "score": 7.5,
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "metrics": {
          "attack_vector": "Network",
          "attack_complexity": "Low",
          "privileges_required": "None",
          "user_interaction": "None",
          "scope": "Unchanged",
          "confidentiality": "High",
          "integrity": "None",
          "availability": "None"
        },
        "sources": [
          "[email protected]"
        ]
      }
    ],
    "references": [
      "https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/",
      "https://owncloud.org/security"
    ],
    "has_exploitation_activity": true,
    "exploitation_activity": {
      "0_to_7_days": true,
      "8_to_30_days": true,
      "31_to_90_days": true,
      "91_to_365_days": true,
      "alltime": true
    },
    "tags": {
      "actor": [],
      "actor_action": [],
      "attack_vector": [],
      "component": [
        "mail server credentials",
        "license key",
        "ownCloud admin password"
      ],
      "keywords": [
        "information disclosure",
        "web",
        "configuration"
      ],
      "outcome": [
        "credential disclosure",
        "gather information"
      ],
      "prerequisite": [
        "URL is accessed"
      ],
      "stride": [
        "tampering",
        "information disclosure",
        "denial of service"
      ],
      "weakness": [
        "reveals the configuration details of the PHP environment",
        "exposes various other potentially sensitive configuration details"
      ]
    },
    "cwes": [
      {
        "identifier": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor",
        "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
        "category_name": "SFP Secondary Cluster: Exposed Data",
        "category_id": "CWE-963"
      }
    ],
    "reserved_at": "2023-11-21T00:00:00.000Z",
    "published_at": "2023-11-21T00:00:00.000Z",
    "last_updated_at": "2025-01-27T22:24:27.772Z",
    "cisa_kev_added_at": "2023-11-30T00:00:00.000Z",
    "shodan_vulnerability_count": null,
    "google_project_zero": {
      "present": false,
      "patched_at": null
    },
    "exploits": {
      "metasploit": [
        {
          "name": "ownCloud Phpinfo Reader",
          "fullname": "auxiliary/gather/owncloud_phpinfo_reader",
          "description": "Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app `graph` installed\n          contain a test file which prints `phpinfo()` to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter.\n          Docker may export sensitive environment variables including ownCloud, DB, redis, SMTP, and S3 credentials, as well as other host information.",
          "disclosure_date": "2023-11-21",
          "mod_time": "2023-12-04T20:09:56.000Z",
          "url": "https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/gather/owncloud_phpinfo_reader.rb"
        }
      ],
      "exploitdb": [],
      "github": [
        {
          "repo": "d0rb/CVE-2023-49103",
          "prediction": 0.8660581707954407,
          "predicted_at": "2025-03-10T16:40:29.000Z",
          "repo_created_at": "2025-03-10T20:11:29.004Z",
          "url": "https://github.com/d0rb/CVE-2023-49103"
        }
      ]
    },
    "hackerone_reports_submitted": 4,
    "scores": {
      "global": {
        "score": 0.9713943314711305,
        "percentile": 0.9998484036161284,
        "computed_at": "2025-03-16T07:27:24.000Z"
      },
      "epss_v3": {
        "score": 0.92099,
        "percentile": 0.99238,
        "computed_at": "2025-03-16T15:46:16.000Z"
      },
      "epss_v4": {
        "score": 0.9091291982186883,
        "percentile": 0.996181146025878,
        "computed_at": "2025-03-16T18:47:04.000Z"
      }
    },
    "platforms": [
      {
        "product": "product",
        "vendor": "vendor"
      }
    ],
    "most_recent_exploitation_activity_date": "2025-07-20",
    "exploitation_activity_source_count": 1,
    "replacement_cve": null
  }
]

PreviousCVEs NextSaved Queries

Last updated 7 months ago

Was this helpful?