Vulnerability Intelligence
Last updated
Last updated
If you're looking to programmatically discover new and trending vulnerabilities or to enrich a specific vulnerability's information, this guide is designed to help you. This guide assumes you are looking for infomration about vulnerabilities in general, or you have a CVE you'd like to enrich. If you're looking to match vulnerablities to a specific version of sofware, please see our "Vulnerability Inference" guide.
For a list of all vulnerabilities currently available in the Mallory API, you can use the following endpoint. This endpoint supports filtering and pagination to help you narrow down the vulnerabilities to the subset you're specifically looking for.
To get more information about a specific vulnerability, you can use the following endpoint. This will return the core attributes of the vulnerability including scoring information and will include counts for additional related datapoints (which have their own endpoints, and can be found below).
While the above endpoint has counts for each of the following endpoints, you'll want to query the endpoints below for the details.
Endpoint to browse vulnerabilities, with filters on some criteria.
A string used to filter vulnerabilities. It can start with specific prefixes to indicate the type of filter:
cve:: Filter by CVE ID.uuid:: Filter by UUID.desc:: Filter by description.gen_description:: Filter by gen_description.gen_name:: Filter by gen_name.cisa_kev:: Filter by cisa_kev.CVE- or a UUID pattern, it will be treated as a specific filter.Field to sort by - either cve_id, created_at, updated_at, cvss_base_score, cvss_version, epss_score, epss_percentile
created_atPattern: ^(cve_id|created_at|updated_at|cvss_base_score|cvss_version|epss_score|epss_percentile)$Sort order - either asc or desc
descPattern: ^(asc|desc)$The number of items to skip before starting to collect the result set.
0The maximum number of items to return.
100