Empirical Security

CVEs

GET https://app.empiricalsecurity.com/api/cves/{cve_id}

Retrieve a CVE by identifier

Provides the most up-to-date data about a CVE.

Authentication: Bearer token required

Parameters

Name Type Required Description
cve_id string Yes The identifier of the CVE to return, in the format CVE-YYYY-###### (the number of digits after the year varies; the example below has five)
Example: CVE-2023-49103

Response 200

successful

{
  "identifier": "CVE-2023-49103",
  "description": "An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo).",
  "cvss": [
    {
      "version": "3.1",
      "score": 10.0,
      "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "metrics": {
        "attack_vector": "Network",
        "attack_complexity": "Low",
        "privileges_required": "None",
        "user_interaction": "None",
        "scope": "Changed",
        "confidentiality": "High",
        "integrity": "High",
        "availability": "High"
      },
      "sources": [
        "cve@mitre.org",
        "mitre"
      ]
    },
    {
      "version": "3.1",
      "score": 7.5,
      "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "metrics": {
        "attack_vector": "Network",
        "attack_complexity": "Low",
        "privileges_required": "None",
        "user_interaction": "None",
        "scope": "Unchanged",
        "confidentiality": "High",
        "integrity": "None",
        "availability": "None"
      },
      "sources": [
        "nvd@nist.gov"
      ]
    }
  ],
  "references": [
    "https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/",
    "https://owncloud.org/security"
  ],
  "has_exploitation_activity": true,
  "exploitation_activity": {
    "0_to_7_days": true,
    "8_to_30_days": true,
    "31_to_90_days": true,
    "91_to_365_days": true,
    "alltime": true
  },
  "tags": {
    "actor": [],
    "actor_action": [],
    "attack_vector": [],
    "component": [
      "mail server credentials",
      "license key",
      "ownCloud admin password"
    ],
    "keywords": [
      "information disclosure",
      "web",
      "configuration"
    ],
    "outcome": [
      "credential disclosure",
      "gather information"
    ],
    "prerequisite": [
      "URL is accessed"
    ],
    "stride": [
      "tampering",
      "information disclosure",
      "denial of service"
    ],
    "weakness": [
      "reveals the configuration details of the PHP environment",
      "exposes various other potentially sensitive configuration details"
    ]
  },
  "cwes": [
    {
      "identifier": "CWE-200",
      "name": "Exposure of Sensitive Information to an Unauthorized Actor",
      "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
      "category_name": "SFP Secondary Cluster: Exposed Data",
      "category_id": "CWE-963"
    }
  ],
  "reserved_at": "2023-11-21T00:00:00.000Z",
  "published_at": "2023-11-21T00:00:00.000Z",
  "last_updated_at": "2025-01-27T22:24:27.772Z",
  "cisa_kev_added_at": "2023-11-30T00:00:00.000Z",
  "shodan_vulnerability_count": null,
  "google_project_zero": {
    "present": false,
    "patched_at": null
  },
  "exploits": {
    "metasploit": [
      {
        "name": "ownCloud Phpinfo Reader",
        "fullname": "auxiliary/gather/owncloud_phpinfo_reader",
        "description": "Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app `graph` installed\n          contain a test file which prints `phpinfo()` to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter.\n          Docker may export sensitive environment variables including ownCloud, DB, redis, SMTP, and S3 credentials, as well as other host information.",
        "disclosure_date": "2023-11-21",
        "mod_time": "2023-12-04T20:09:56.000Z",
        "url": "https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/gather/owncloud_phpinfo_reader.rb"
      }
    ],
    "exploitdb": [],
    "github": [
      {
        "repo": "d0rb/CVE-2023-49103",
        "prediction": 0.8660581707954407,
        "predicted_at": "2025-03-10T16:40:29.000Z",
        "repo_created_at": "2025-03-10T20:11:29.004Z",
        "url": "https://github.com/d0rb/CVE-2023-49103"
      }
    ]
  },
  "hackerone_reports_submitted": 4,
  "scores": {
    "global": {
      "score": 0.9713943314711305,
      "percentile": 0.9998484036161284,
      "computed_at": "2025-03-16T07:27:24.000Z"
    },
    "epss_v3": {
      "score": 0.92099,
      "percentile": 0.99238,
      "computed_at": "2025-03-16T15:46:16.000Z"
    },
    "epss_v4": {
      "score": 0.9091291982186883,
      "percentile": 0.996181146025878,
      "computed_at": "2025-03-16T18:47:04.000Z"
    }
  },
  "platforms": [
    {
      "product": "product",
      "vendor": "vendor"
    }
  ],
  "most_recent_exploitation_activity_date": "2025-07-20",
  "exploitation_activity_source_count": 1,
  "replacement_cve": null
}
GET https://app.empiricalsecurity.com/api/cves/{cve_id}/malware

Retrieve all malware hashes associated with the CVE identifier

Provides all malware hashes associated with the given CVE identifier.

Authentication: Bearer token required

Parameters

Name Type Required Description
cve_id string Yes The identifier of the CVE to return, in the format CVE-YYYY-###### (the number of digits after the year varies; the example below has five)
Example: CVE-2023-49103
accept string No Request header. JSON is the default response type. If JSON Lines is preferred, set the Accept header to application/jsonl.
Example: application/jsonl

Response 200

successful

[
  {
    "md5": "161bc25962da8fed6d2f59922fb642aa",
    "sha1": "6e71b3cac15d32fe2d36c270887df9479c25c640",
    "sha256": "12998c017066eb0d2a70b94e6ed3192985855ce390f321bbdb832022888bd251"
  },
  {
    "md5": "09edade86566ee60e5cdd8c0edbc2b5a",
    "sha1": "35b03d1adda20ff42f78b2aaebd106c847f97a81",
    "sha256": "354cacb2d2c45cb28af92ca348ea3a2236ecc48c81c78e0924bf46bd68d9c407"
  }
]
GET https://app.empiricalsecurity.com/api/cves/{cve_id}/critical_indicators

Retrieve critical indicators data by CVE identifier

Retrieve the critical indicators dataset for the CVE.

Authentication: Bearer token required

Parameters

Name Type Required Description
cve_id string Yes The identifier of the CVE to return, in the format CVE-YYYY-###### (the number of digits after the year varies; the example below has five)
Example: CVE-2023-49103
accept string No Request header. JSON is the default response type. If JSON Lines is preferred, set the Accept header to application/jsonl.
Example: application/jsonl

Response 200

successful

[
  {
    "scoring_model": "global",
    "critical_indicators_data": {
      "Vendor": {
        "weight_category": "2",
        "weight": "1.1629999760184013",
        "detail": "Microsoft (1, wt=1)"
      },
      "Chatter": {
        "weight_category": "2",
        "weight": "1.626999750799777",
        "detail": "Sightings (9, wt=1); checkpoint.com (1, wt=0.4); github.com (2, wt=0.2)"
      },
      "References": {
        "weight_category": "-1",
        "weight": "-0.23581081052543595",
        "detail": "CVE Refs (2, wt=-0.3)"
      },
      "Exploit Code": {
        "weight_category": "-1",
        "weight": "-0.5718907862901688",
        "detail": "GitHub (0, wt=-0.2); ExploitDB (0, wt=-0.2); Metasploit (0, wt=-0.1)"
      },
      "Exploitation": {
        "weight_category": "0",
        "weight": "0",
        "detail": "NA"
      },
      "Threat Intel": {
        "weight_category": "-0",
        "weight": "-0.07007812266238034",
        "detail": "H1 Hacktivity (1, wt=0.06); GitHub Repos (23, wt=0.03)"
      },
      "Vuln Attributes": {
        "weight_category": "-1",
        "weight": "-0.35657389161198694",
        "detail": "CWE:access control (1, wt=-0.3); TAG:remote (0, wt=-0.2)"
      }
    }
  }
]
GET https://app.empiricalsecurity.com/api/cves/{cve_id}/score_history

Retrieve historical scores by CVE identifier

Retrieve the entire score history for the CVE. Supported scoring_model values are `global`, `epss_v3`, `epss_v4` and `all`. Note that EPSS customers cannot request `global` scores.

Authentication: Bearer token required

Parameters

Name Type Required Description
cve_id string Yes The identifier of the CVE to return, in the format CVE-YYYY-###### (the number of digits after the year varies; the example below has five)
Example: CVE-2023-49103
scoring_model string Yes The scoring model to retrieve historical scores for.
Example: epss_v4

Response 400

bad request

{
  "error": {
    "code": "invalid_parameter",
    "message": "Invalid scoring_model, valid values are: epss_v3, epss_v4, global, all"
  }
}

Response 403

forbidden

{
  "error": {
    "code": "forbidden",
    "message": "Your organization does not have access to the requested scoring model"
  }
}

Response 200

successful

{
  "identifier": "CVE-2023-49103",
  "scores": {
    "epss_v4": [
      {
        "percentile": 0.996181146025878,
        "score": 0.9091291982186883,
        "computed_at": "2025-03-16T18:47:04.000Z"
      },
      {
        "percentile": 0.966181146025878,
        "score": 0.8991291982186883,
        "computed_at": "2025-03-16T18:46:04.000Z"
      }
    ]
  }
}
GET https://app.empiricalsecurity.com/api/cves/{cve_id}/history

Retrieve changes to a CVE by identifier

Provides the entire change history of a CVE.

Authentication: Bearer token required

Parameters

Name Type Required Description
cve_id string Yes The identifier of the CVE to return, in the format CVE-YYYY-###### (the number of digits after the year varies; the example below has five)
Example: CVE-2023-49103
accept string No Request header. JSON is the default response type. If JSON Lines is preferred, set the Accept header to application/jsonl.
Example: application/jsonl

Response 200

successful

[
  {
    "data": {
      "identifier": "CVE-2023-49103",
      "description": "An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo).",
      "cvss": [
        {
          "version": "3.1",
          "score": 10.0,
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "metrics": {
            "attack_vector": "Network",
            "attack_complexity": "Low",
            "privileges_required": "None",
            "user_interaction": "None",
            "scope": "Changed",
            "confidentiality": "High",
            "integrity": "High",
            "availability": "High"
          },
          "sources": [
            "cve@mitre.org",
            "mitre"
          ]
        },
        {
          "version": "3.1",
          "score": 7.5,
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "metrics": {
            "attack_vector": "Network",
            "attack_complexity": "Low",
            "privileges_required": "None",
            "user_interaction": "None",
            "scope": "Unchanged",
            "confidentiality": "High",
            "integrity": "None",
            "availability": "None"
          },
          "sources": [
            "nvd@nist.gov"
          ]
        }
      ],
      "references": [
        "https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/",
        "https://owncloud.org/security"
      ],
      "has_exploitation_activity": true,
      "exploitation_activity": {
        "0_to_7_days": true,
        "8_to_30_days": true,
        "31_to_90_days": true,
        "91_to_365_days": true,
        "alltime": true
      },
      "tags": {
        "actor": [],
        "actor_action": [],
        "attack_vector": [],
        "component": [
          "mail server credentials",
          "license key",
          "ownCloud admin password"
        ],
        "keywords": [
          "information disclosure",
          "web",
          "configuration"
        ],
        "outcome": [
          "credential disclosure",
          "gather information"
        ],
        "prerequisite": [
          "URL is accessed"
        ],
        "stride": [
          "tampering",
          "information disclosure",
          "denial of service"
        ],
        "weakness": [
          "reveals the configuration details of the PHP environment",
          "exposes various other potentially sensitive configuration details"
        ]
      },
      "cwes": [
        {
          "identifier": "CWE-200",
          "name": "Exposure of Sensitive Information to an Unauthorized Actor",
          "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
          "category_name": "SFP Secondary Cluster: Exposed Data",
          "category_id": "CWE-963"
        }
      ],
      "reserved_at": "2023-11-21T00:00:00.000Z",
      "published_at": "2023-11-21T00:00:00.000Z",
      "last_updated_at": "2025-01-27T22:24:27.772Z",
      "cisa_kev_added_at": "2023-11-30T00:00:00.000Z",
      "shodan_vulnerability_count": null,
      "google_project_zero": {
        "present": false,
        "patched_at": null
      },
      "exploits": {
        "metasploit": [
          {
            "name": "ownCloud Phpinfo Reader",
            "fullname": "auxiliary/gather/owncloud_phpinfo_reader",
            "description": "Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app `graph` installed\n          contain a test file which prints `phpinfo()` to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter.\n          Docker may export sensitive environment variables including ownCloud, DB, redis, SMTP, and S3 credentials, as well as other host information.",
            "disclosure_date": "2023-11-21",
            "mod_time": "2023-12-04T20:09:56.000Z",
            "url": "https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/gather/owncloud_phpinfo_reader.rb"
          }
        ],
        "exploitdb": [],
        "github": [
          {
            "repo": "d0rb/CVE-2023-49103",
            "prediction": 0.8660581707954407,
            "predicted_at": "2025-03-10T16:40:29.000Z",
            "repo_created_at": "2025-03-10T20:11:29.004Z",
            "url": "https://github.com/d0rb/CVE-2023-49103"
          }
        ]
      },
      "hackerone_reports_submitted": 4,
      "scores": {
        "global": {
          "score": 0.9713943314711305,
          "percentile": 0.9998484036161284,
          "computed_at": "2025-03-16T07:27:24.000Z"
        },
        "epss_v3": {
          "score": 0.92099,
          "percentile": 0.99238,
          "computed_at": "2025-03-16T15:46:16.000Z"
        },
        "epss_v4": {
          "score": 0.9091291982186883,
          "percentile": 0.996181146025878,
          "computed_at": "2025-03-16T18:47:04.000Z"
        }
      },
      "platforms": [
        {
          "product": "product",
          "vendor": "vendor"
        }
      ],
      "most_recent_exploitation_activity_date": "2025-07-20",
      "exploitation_activity_source_count": 1,
      "replacement_cve": null
    },
    "diff": {
      "cvss": {
        "old": [
          {
            "version": "3.1",
            "score": 10.0,
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "metrics": {
              "attack_vector": "Network",
              "attack_complexity": "Low",
              "privileges_required": "None",
              "user_interaction": "None",
              "scope": "Changed",
              "confidentiality": "High",
              "integrity": "High",
              "availability": "High"
            },
            "sources": [
              "cve@mitre.org",
              "mitre"
            ]
          }
        ],
        "new": [
          {
            "version": "3.1",
            "score": 10.0,
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "metrics": {
              "attack_vector": "Network",
              "attack_complexity": "Low",
              "privileges_required": "None",
              "user_interaction": "None",
              "scope": "Changed",
              "confidentiality": "High",
              "integrity": "High",
              "availability": "High"
            },
            "sources": [
              "cve@mitre.org",
              "mitre"
            ]
          },
          {
            "version": "3.1",
            "score": 7.5,
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "attack_vector": "Network",
              "attack_complexity": "Low",
              "privileges_required": "None",
              "user_interaction": "None",
              "scope": "Unchanged",
              "confidentiality": "High",
              "integrity": "None",
              "availability": "None"
            },
            "sources": [
              "nvd@nist.gov"
            ]
          }
        ]
      },
      "scores": {
        "old": {
          "global": {
            "score": 0.9137943314711305,
            "percentile": 0.9798484036161283,
            "computed_at": "2025-03-16T07:27:24.000Z"
          },
          "epss_v3": {
            "score": 0.90299,
            "percentile": 0.92938,
            "computed_at": "2025-03-16T15:46:16.000Z"
          },
          "epss_v4": {
            "score": 0.8991291982186883,
            "percentile": 0.966181146025878,
            "computed_at": "2025-03-16T18:46:04.000Z"
          }
        },
        "new": {
          "global": {
            "score": 0.9713943314711305,
            "percentile": 0.9998484036161284,
            "computed_at": "2025-03-16T07:27:24.000Z"
          },
          "epss_v3": {
            "score": 0.92099,
            "percentile": 0.99238,
            "computed_at": "2025-03-16T15:46:16.000Z"
          },
          "epss_v4": {
            "score": 0.9091291982186883,
            "percentile": 0.996181146025878,
            "computed_at": "2025-03-16T18:47:04.000Z"
          }
        }
      }
    },
    "generated_at": "2025-04-02T21:20:15.366Z"
  }
]
GET https://app.empiricalsecurity.com/api/cves/all

Retrieve all CVE data as a .jsonl.gz file

Provides a redirect that should be followed to obtain the latest CVE data file. The data is returned as a gzipped JSON Lines (.jsonl.gz) file containing data for all CVEs we have in our system. If no file is available, a 202 Accepted is returned while the file is generated, and this endpoint should be polled periodically. Once a file is available, a 302 Found is issued with a redirect location from which to fetch the file.

Authentication: Bearer token required

Response 202

accepted

Response 302

redirect