CVE API Documentation

Access comprehensive vulnerability information through our CVE API, providing structured data from trusted sources like NVD and Apache. We created this free API with no subscription needed to support transparency and open access to security data, addressing the poor performance and restrictions that plague other solutions.

GET /v1/cve/{cveId}

Retrieve detailed vulnerability information for a specific CVE (Common Vulnerabilities and Exposures) identifier. This endpoint returns structured metadata, CVSS scores, CWEs, and a vulnerability description from trusted sources like NVD and Apache.

Request

Endpoint

GET https://vuln-api.corgea.app/v1/cve/{cveId}

Path Parameters

Name	Type	Required	Description
cveId	string	Yes	The CVE identifier (e.g., CVE-2021-44228)

Response

Status Codes

Code	Description
200	CVE found and returned successfully
404	CVE not found
500	Internal server error

Response Body Example

{
  "id": "CVE-2021-44228",
  "sourceIdentifier": "security@apache.org",
  "published": "2021-12-10T10:15:09.143",
  "lastModified": "2025-04-03T20:53:22.977",
  "vulnStatus": "Analyzed",
  "description": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases...)",
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "baseScore": 10,
          "baseSeverity": "CRITICAL",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "baseScore": 9.3,
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE"
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.6,
        "impactScore": 10,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "cwes": [
    "CWE-20",
    "CWE-400",
    "CWE-502",
    "CWE-917"
  ],
  "severity": "CRITICAL"
}

Fields

Top-Level Fields

Field	Type	Description
id	string	The CVE identifier.
sourceIdentifier	string	The source or vendor reporting the vulnerability.
published	string (ISO 8601)	Date when the CVE was published.
lastModified	string (ISO 8601)	Last update to this CVE record.
vulnStatus	string	Current status (e.g., "Analyzed").
description	string	Human-readable explanation of the vulnerability.
severity	string	Overall severity rating (e.g., "CRITICAL").
cwes	array of strings	Associated Common Weakness Enumeration (CWE) identifiers.
metrics	object	Includes CVSS v3.1 and v2 scoring details.

Usage Example

curl https://vuln-api.corgea.app/v1/cve/CVE-2021-44228

Find and fix vulnerabilities with Corgea

Scan your codebase for CWEs and get remediation guidance

Start for free and no credit card needed.