Vulnerability Intelligence

If you're looking to programmatically discover new and trending vulnerabilities or to enrich a specific vulnerability's information, this guide is designed to help you. This guide assumes you are looking for infomration about vulnerabilities in general, or you have a CVE you'd like to enrich. If you're looking to match vulnerablities to a specific version of sofware, please see our "Vulnerability Inference" guide.

Listing Vulnerabilities

For a list of all vulnerabilities currently available in the Mallory API, you can use the following endpoint. This endpoint supports filtering and pagination to help you narrow down the vulnerabilities to the subset you're specifically looking for.

Vulnerabilities Index

get

Endpoint to browse vulnerabilities, with filters on some criteria.

Authorizations

AuthorizationstringRequired

Enter your token in the format: Bearer

Query parameters

filterstringOptional

A string used to filter vulnerabilities. It can start with specific prefixes to indicate the type of filter:

cve:: Filter by CVE ID.
uuid:: Filter by UUID.
desc:: Filter by description.
gen_description:: Filter by gen_description.
gen_name:: Filter by gen_name.
cisa_kev:: Filter by cisa_kev.
If the filter string matches the pattern CVE- or a UUID pattern, it will be treated as a specific filter.
If no prefix is provided, it defaults to a description filter.

sortstringOptional

Field to sort by - either cve_id, created_at, updated_at, cvss_base_score, cvss_version, epss_score, epss_percentile

orderstringOptional

Sort order - either asc or desc

Default: descPattern: ^(asc|desc)$

offsetintegerOptional

The number of items to skip before starting to collect the result set.

Default: 0

limitinteger · min: 1Optional

The maximum number of items to return.

Default: 100

Responses

200

Successful Response

application/json

404

Not found

422

Validation Error

application/json

get

/v1/vulnerabilities

GET /v1/vulnerabilities HTTP/1.1
Host: api.mallory.ai
Authorization: YOUR_API_KEY
Accept: */*

{
  "data": [
    {
      "cisa_kev_added_at": "2025-12-09T22:02:24.046Z",
      "created_at": "2025-12-09T22:02:24.046Z",
      "cve_id": "text",
      "cvss_base_score": 1,
      "cvss_data": [
        {}
      ],
      "cvss_source": "text",
      "cvss_type": "text",
      "cvss_vector": "text",
      "cvss_version": 1,
      "description": "text",
      "enriched_at": "2025-12-09T22:02:24.046Z",
      "epss_percentile": 1,
      "epss_score": 1,
      "gen_cwe_id": "text",
      "gen_description": "text",
      "gen_impact": "text",
      "gen_mitigations": "text",
      "gen_name": "text",
      "gen_remediation": "text",
      "updated_at": "2025-12-09T22:02:24.046Z",
      "uuid": "text"
    }
  ],
  "limit": 1,
  "message": "text",
  "offset": 1,
  "total": 1
}

Querying and Enriching a Specific Vulnerability

To get more information about a specific vulnerability, you can use the following endpoint. This will return the core attributes of the vulnerability including scoring information and will include counts for additional related datapoints (which have their own endpoints, and can be found below).

Single Vulnerability

get

Authorizations

AuthorizationstringRequired

Enter your token in the format: Bearer

Path parameters

identifierstringRequired

The unique CVE ID or UUID of the vulnerability to retrieve

Responses

200

Successful Response

application/json

404

Not found

422

Validation Error

application/json

get

/v1/vulnerabilities/{identifier}

GET /v1/vulnerabilities/{identifier} HTTP/1.1
Host: api.mallory.ai
Authorization: YOUR_API_KEY
Accept: */*

{
  "cisa_kev_added_at": "2025-12-09T22:02:24.046Z",
  "created_at": "2025-12-09T22:02:24.046Z",
  "cve_id": "text",
  "cvss_base_score": 1,
  "cvss_data": [
    {}
  ],
  "cvss_source": "text",
  "cvss_type": "text",
  "cvss_vector": "text",
  "cvss_version": 1,
  "description": "text",
  "detection_signatures_count": 0,
  "enriched_at": "2025-12-09T22:02:24.046Z",
  "epss_percentile": 1,
  "epss_score": 1,
  "exploitations_count": 0,
  "exploits_count": 0,
  "gen_cwe_id": "text",
  "gen_description": "text",
  "gen_impact": "text",
  "gen_mitigations": "text",
  "gen_name": "text",
  "gen_remediation": "text",
  "mentions_count": 0,
  "updated_at": "2025-12-09T22:02:24.046Z",
  "uuid": "text",
  "vulnerable_configurations_count": 0,
  "weaknesses": [
    "text"
  ]
}

Vulnerability Details

While the above endpoint has counts for each of the following endpoints, you'll want to query the endpoints below for the details.

Single Vulnerability Exploits

get

Authorizations

AuthorizationstringRequired

Enter your token in the format: Bearer

Path parameters

identifierstringRequired

The unique CVE ID or UUID of the vulnerability to retrieve

Responses

200

Successful Response

application/json

404

Not found

422

Validation Error

application/json

get

/v1/vulnerabilities/{identifier}/exploits

GET /v1/vulnerabilities/{identifier}/exploits HTTP/1.1
Host: api.mallory.ai
Authorization: YOUR_API_KEY
Accept: */*

[
  {
    "authors": "text",
    "created_at": "2025-12-09T22:02:24.046Z",
    "description": "text",
    "disclosed_at": "2025-12-09T22:02:24.046Z",
    "maturity": "UNKNOWN",
    "updated_at": "2025-12-09T22:02:24.046Z",
    "url": "text",
    "uuid": "text",
    "vulnerabilities": [
      "text"
    ]
  }
]

Single Vulnerability Mentions

get

Authorizations

AuthorizationstringRequired

Enter your token in the format: Bearer

Path parameters

identifierstringRequired

The unique CVE ID or UUID of the vulnerability to retrieve

Responses

200

Successful Response

application/json

404

Not found

422

Validation Error

application/json

get

/v1/vulnerabilities/{identifier}/mentions

GET /v1/vulnerabilities/{identifier}/mentions HTTP/1.1
Host: api.mallory.ai
Authorization: YOUR_API_KEY
Accept: */*

[
  {
    "context": "text",
    "created_at": "2025-12-09T22:02:24.046Z",
    "cve_id": "text",
    "overview": "text",
    "published_at": "2025-12-09T22:02:24.046Z",
    "reference_source": "text",
    "reference_topic": "text",
    "reference_url": "text",
    "reference_user_generated_content": true,
    "reference_uuid": "text",
    "updated_at": "2025-12-09T22:02:24.046Z",
    "uuid": "text",
    "vulnerability_gen_name": "text",
    "vulnerability_uuid": "text"
  }
]

Single Vulnerability Detection Signatures

get

Authorizations

AuthorizationstringRequired

Enter your token in the format: Bearer

Path parameters

identifierstringRequired

The unique CVE ID or UUID of the vulnerability to retrieve

Responses

200

Successful Response

application/json

404

Not found

422

Validation Error

application/json

get

/v1/vulnerabilities/{identifier}/detection_signatures

GET /v1/vulnerabilities/{identifier}/detection_signatures HTTP/1.1
Host: api.mallory.ai
Authorization: YOUR_API_KEY
Accept: */*

[
  {
    "created_at": "2025-12-09T22:02:24.046Z",
    "description": "text",
    "method": "text",
    "name": "text",
    "source": "text",
    "updated_at": "2025-12-09T22:02:24.046Z",
    "upstream_id": "text",
    "uuid": "text"
  }
]

Single Vulnerability Exploitations

get

Authorizations

AuthorizationstringRequired

Enter your token in the format: Bearer

Path parameters

identifierstringRequired

The unique CVE ID or UUID of the vulnerability to retrieve

Responses

200

Successful Response

application/json

404

Not found

422

Validation Error

application/json

get

/v1/vulnerabilities/{identifier}/exploitations

GET /v1/vulnerabilities/{identifier}/exploitations HTTP/1.1
Host: api.mallory.ai
Authorization: YOUR_API_KEY
Accept: */*

[
  {
    "begins_at": "2025-12-09T22:02:24.046Z",
    "count": 1,
    "created_at": "2025-12-09T22:02:24.046Z",
    "detection_signature_method": "text",
    "detection_signature_name": "text",
    "detection_signature_source": "text",
    "detection_signature_uuid": "text",
    "ends_at": "2025-12-09T22:02:24.046Z",
    "updated_at": "2025-12-09T22:02:24.046Z",
    "uuid": "text"
  }
]

Single Vulnerability Configurations

get

Authorizations

AuthorizationstringRequired

Enter your token in the format: Bearer

Path parameters

identifierstringRequired

The unique CVE ID or UUID of the vulnerability to retrieve

Responses

200

Successful Response

application/json

404

Not found

422

Validation Error

application/json

get

/v1/vulnerabilities/{identifier}/configurations

GET /v1/vulnerabilities/{identifier}/configurations HTTP/1.1
Host: api.mallory.ai
Authorization: YOUR_API_KEY
Accept: */*

[
  {
    "cpe_id": "text",
    "created_at": "2025-12-09T22:02:24.046Z",
    "cve_id": "text",
    "edition": "text",
    "is_vulnerable": true,
    "language": "text",
    "other": "text",
    "product_display_name": "text",
    "product_name": "text",
    "product_type": "text",
    "set_id": "text",
    "sw_edition": "text",
    "target_hw": "text",
    "target_sw": "text",
    "updateEndIncluding": "text",
    "updateStartIncluding": "text",
    "updated_at": "2025-12-09T22:02:24.046Z",
    "uuid": "text",
    "vendor": "text",
    "vendor_display_name": "text",
    "versionEndExcluding": "text",
    "versionEndIncluding": "text",
    "versionStartExcluding": "text",
    "versionStartIncluding": "text"
  }
]

Last updated 10 months ago