Search Syntax
The Empirical API allows you to search for CVEs using a standardized syntax.
Building Search Queries
Search queries are built from search terms, separated by spaces. Search terms are built from a key and a value, joined with a colon.
When used with the Search API the querystring portion must be URL-encoded. For example, cURL users can specify -G --data-urlencode "q=score:>90"
as part of their command to correctly encode and append the search query.
The result of a search query are those CVEs that match all terms in the query. In other words, terms are combined using AND
.
Supported Terms
score
Search against a CVE's current score. If you are an Empirical.Models.Global customer, the current global score will be used. If you are an Empirical.Models.EPSS customer, the current EPSS score will be used. In both situations, scores from the latest version of the model will be used. Syntax for specifying score constraints (all scores are specified on a 0-100 scale and may contain decimals):
>N
>=N
<N
<=N
[N M]
Alias forscore:>=N score:<=M
If multiple score terms are given for a constraint, the final term is used. For example, score:>80 score:>60
is equivalent to score:>60
.
exp_activity
Alias for exploitation_activity
exploitation_activity
One of the following values:
true
Return CVEs for which Empirical has observed exploitation activity at any time.cisa_kev
Return CVEs that appear in the CISA Known Exploited Vulnerabilities list.0-7
Return CVEs for which Empirical has observed exploitation activity 0 to 7 days ago.last_7_days
Alias for0-7
.8-30
Return CVEs for which Empirical has observed exploitation activity 8 to 30 days ago.31-90
Return CVEs for which Empirical has observed exploitation activity 31 to 90 days ago.91-365
Return CVEs for which Empirical has observed exploitation activity 91 to 365 days ago.366+
Return CVEs for which Empirical has observed exploitation activity over 365 days ago.
vendor
The name of the software vendor responsible for the affected software. Spaces in vendor names should be replaced with underscores, for example: trend_micro
product
The name of the affected software product. Spaces in product names should be replaced with underscores, for example: airflow_hive_provider
recently_updated
past_day
Return CVEs which Empirical has updated in the past 24 hours.past_week
Return CVEs which Empirical has updated in the past 7 days.past_month
Return CVEs which Empirical has updated in the past 1 month.
Last updated
Was this helpful?