CVE Lookup

Free CVE API

A free, no-key API for CVE data that leads with the fix. Every record carries the exact fixed versions and advisories per affected product, plus CVSS, EPSS, and CISA KEV status, with machine-readable source and license provenance.

Quick start

No key or sign-up required. The base URL is https://tridentstack.com/api/v1. Responses are JSON.

curl https://tridentstack.com/api/v1/cve/CVE-2024-3094

Full machine-readable contract: OpenAPI 3.1 spec.

Endpoints

GET /api/v1/cve/{id}
One CVE: CVSS, EPSS, CISA KEV, CWEs, references (tagged by type), and the remediation object, which lists the fixed version and advisory for each affected product. Each remediation entry carries its own source and license; dataSources lists only the sources that contributed to that record.
GET /api/v1/cve/{id}/osv
The same CVE in the OSV schema, so scanners like Trivy, Grype, and Renovate can consume the remediation natively. Per-source license provenance rides in database_specific.
GET /api/v1/cve
Search and list CVEs. Filter by q, severity, kev, fix, epss_min, and year; sort by published, epss, cvss, cve, fix, or kev. Paginate with limit (max 100) and the nextCursor from each response.
POST /api/v1/cve/batch
Resolve up to 100 CVE ids in one request. Send { "ids": ["CVE-2024-3094", ...] }; get back the full records found plus a notFound list.
GET /api/v1/cve/bulk.jsonl
The whole catalog as JSON Lines (one lean CVE summary per line), streamed. Resume with ?after=CVE-XXXX. Pair it with the delta feed to stay in sync.
GET /api/v1/cve/modified.csv
A cve_id,modified delta feed for the whole catalog, so you can diff against your last sync and re-fetch only what changed.

# Actively-exploited CVEs that have an available fix, highest EPSS first
curl "https://tridentstack.com/api/v1/cve?kev=true&fix=true&sort=epss&limit=20"

Example response

An abbreviated GET /api/v1/cve/{id} response:

{
  "cveId": "CVE-2024-3094",
  "severity": "CRITICAL",
  "cvss": { "version": "3.1", "baseScore": 10.0, "severity": "CRITICAL" },
  "epss": { "score": 0.94, "percentile": 0.99 },
  "kev": { "dateAdded": "2024-03-29", "dueDate": "2024-04-05", "ransomware": false },
  "remediation": {
    "available": true,
    "products": [
      {
        "ecosystem": "debian", "product": "xz-utils",
        "atoms": [
          {
            "fixedVersion": "5.6.1+really5.4.5-1",
            "advisoryId": "DSA-5649-1",
            "sourceUrl": "https://security-tracker.debian.org/tracker/CVE-2024-3094",
            "source": "Debian Security Tracker",
            "license": "Open data (factual records)"
          }
        ]
      }
    ]
  },
  "dataSources": [
    { "name": "NVD (National Vulnerability Database)", "license": "Public domain (U.S. Government work)" },
    { "name": "CISA Known Exploited Vulnerabilities", "license": "Public domain (CC0)" },
    { "name": "Debian Security Tracker", "license": "Open data (factual records)" }
  ],
  "_links": { "self": "/api/v1/cve/CVE-2024-3094", "html": "https://tridentstack.com/cve/CVE-2024-3094" }
}
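The client-side half of the sync loop that the delta feed, the batch endpoint and the remediation object describe, as an added example (this is not code from the page or from TridentStack): diff modified.csv against the timestamps stored from the last sync, chunk the changed ids into batch bodies of at most 100, and pull each fix out of a record together with the advisory, source and license it came from. The CSV rows and the stored state are constructed; the record is the abbreviated response above. The ISO 8601 timestamp format of the feed is an assumption, since the page documents only the two column names. Nothing here touches the network.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample of the modified.csv delta feed (not real output); the
# ISO 8601 timestamp format is an assumption, the page names only the columns.
MODIFIED_CSV = """cve_id,modified
CVE-2024-3094,2024-04-10T12:00:00Z
CVE-2023-44487,2024-01-05T08:30:00Z
CVE-2021-44228,2024-03-01T00:00:00Z
"""

# Constructed local state from the previous sync: cve_id -> modified we stored then.
LAST_SYNC = {
    "CVE-2024-3094": "2024-04-01T00:00:00Z",   # feed is newer -> re-fetch
    "CVE-2023-44487": "2024-01-05T08:30:00Z",  # unchanged -> skip
    # CVE-2021-44228 is absent -> never seen -> fetch
}

BATCH_MAX = 100  # documented cap on ids per POST /api/v1/cve/batch

# The abbreviated GET /api/v1/cve/{id} record shown on the page, trimmed to what fixes_for reads.
SAMPLE_RECORD = {
    "cveId": "CVE-2024-3094",
    "remediation": {
        "available": True,
        "products": [
            {"ecosystem": "debian", "product": "xz-utils",
             "atoms": [{"fixedVersion": "5.6.1+really5.4.5-1",
                        "advisoryId": "DSA-5649-1",
                        "sourceUrl": "https://security-tracker.debian.org/tracker/CVE-2024-3094",
                        "source": "Debian Security Tracker",
                        "license": "Open data (factual records)"}]}
        ],
    },
}


def _ts(value):
    """Parse a feed timestamp; 'Z' is rewritten so fromisoformat accepts it on Python 3.7+."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def changed_ids(feed_csv, last_sync):
    """CVE ids whose feed timestamp is newer than the stored one, or that are new to us.
    Comparing parsed datetimes rather than raw strings keeps the diff correct
    even if the two sides use different timezone notation."""
    out = []
    for row in csv.DictReader(io.StringIO(feed_csv)):
        cve_id = row["cve_id"].strip()
        seen = last_sync.get(cve_id)
        if seen is None or _ts(row["modified"]) > _ts(seen):
            out.append(cve_id)
    return out


def batch_payloads(ids):
    """Request bodies for POST /api/v1/cve/batch, never more than 100 ids each."""
    return [{"ids": ids[i:i + BATCH_MAX]} for i in range(0, len(ids), BATCH_MAX)]


def fixes_for(record, ecosystem, product):
    """Fixed versions for one product from the remediation object, each carrying
    the advisory, source URL, source and license it came from so the per-record
    attribution survives redistribution. Empty when no fix is available or the
    product is not listed."""
    remediation = record.get("remediation") or {}
    if not remediation.get("available"):
        return []
    fixes = []
    for entry in remediation.get("products", []):
        if entry.get("ecosystem") == ecosystem and entry.get("product") == product:
            for atom in entry.get("atoms", []):
                fixes.append({k: atom.get(k) for k in
                              ("fixedVersion", "advisoryId", "sourceUrl", "source", "license")})
    return fixes


if __name__ == "__main__":
    todo = changed_ids(MODIFIED_CSV, LAST_SYNC)
    print("re-fetch:", todo, "in", len(batch_payloads(todo)), "batch request(s)")
    print(fixes_for(SAMPLE_RECORD, "debian", "xz-utils"))
```

Store the `modified` value from the feed, not your own fetch time, as the new sync state; otherwise a record that changes between the feed download and the batch fetch is silently skipped on the next run.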

Rate limits

The API is rate-limited per IP. Every response includes X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset. When you exceed the limit you get a 429 with a Retry-After header. CVE data changes slowly, so cache responses where you can. For bulk needs, use the bulk.jsonl export and the modified.csv delta feed rather than paging through the list endpoint.
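A small client that honors the 429 handling described here and follows nextCursor through the list endpoint, as an added example (not code from the page or from TridentStack). Two things the page does not specify are assumed: Retry-After is read as a number of seconds, and the cursor is sent back as a `cursor` query parameter with each page's records under an `items` key. The transport is injectable, so the demo runs offline against a constructed fake that answers the first call with a 429 and then serves two pages; `live_transport` is the drop-in for the real API.

```python
import json
import time
import urllib.error
import urllib.request
from urllib.parse import parse_qs, urlencode, urlparse

BASE = "https://tridentstack.com/api/v1"


class RateLimited(Exception):
    """Raised when the API keeps answering 429 after the retry budget is spent."""


def live_transport(url, timeout=10):
    """Real transport: GET over HTTPS, returning (status, headers, body) for
    error statuses too, so the caller can read Retry-After off a 429.
    Header names are lower-cased so lookups do not depend on server casing."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, {k.lower(): v for k, v in resp.headers.items()}, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, {k.lower(): v for k, v in err.headers.items()}, err.read().decode()


def fetch_json(url, transport, sleep=time.sleep, max_retries=3):
    """GET a JSON document, sleeping for Retry-After (assumed to be in seconds)
    on a 429. Gives up with RateLimited rather than hammering the API once
    the retry budget is spent; any other non-200 is an error, not a retry."""
    for attempt in range(max_retries + 1):
        status, headers, body = transport(url)
        if status == 429:
            if attempt == max_retries:
                raise RateLimited("still 429 after %d retries: %s" % (max_retries, url))
            sleep(float(headers.get("retry-after", "1")))
            continue
        if status != 200:
            raise RuntimeError("HTTP %s from %s" % (status, url))
        return json.loads(body)


def iter_cves(transport, sleep=time.sleep, **filters):
    """Walk GET /api/v1/cve page by page, following nextCursor until it is empty.
    Assumptions not on the page: the cursor goes back as ?cursor= and the
    records of a page sit under "items"."""
    params = dict(filters)
    params.setdefault("limit", 100)  # documented maximum page size
    cursor = None
    while True:
        query = dict(params)
        if cursor:
            query["cursor"] = cursor
        page = fetch_json("%s/cve?%s" % (BASE, urlencode(query)), transport, sleep)
        for record in page.get("items", []):
            yield record
        cursor = page.get("nextCursor")
        if not cursor:
            return


def make_fake_transport(pages, rate_limit_first=True):
    """Constructed stand-in for the API (not real responses): the first call
    gets a 429 with Retry-After: 2, later calls are served from `pages`,
    keyed by cursor value (None for the first page)."""
    calls = {"n": 0}

    def transport(url):
        calls["n"] += 1
        if rate_limit_first and calls["n"] == 1:
            return 429, {"retry-after": "2", "x-ratelimit-remaining": "0"}, ""
        cursor = parse_qs(urlparse(url).query).get("cursor", [None])[0]
        return 200, {"x-ratelimit-remaining": "40"}, json.dumps(pages[cursor])

    return transport, calls


# Constructed two-page result for a KEV + fix-available query, mirroring the curl example above.
FAKE_PAGES = {
    None: {"items": [{"cveId": "CVE-2024-3094"}, {"cveId": "CVE-2023-44487"}], "nextCursor": "c2"},
    "c2": {"items": [{"cveId": "CVE-2021-44228"}], "nextCursor": None},
}


def run_demo():
    """Drive the paginator through the fake API; returns (ids seen, sleeps taken, calls made)."""
    sleeps = []
    transport, calls = make_fake_transport(FAKE_PAGES)
    ids = [r["cveId"] for r in iter_cves(transport, sleep=sleeps.append,
                                         kev="true", fix="true", sort="epss")]
    return ids, sleeps, calls["n"]


if __name__ == "__main__":
    print(run_demo())
```

Swap `make_fake_transport(...)` for `live_transport` to run the same loop against the real API; keep the retry cap, because a client that retries forever on 429 is indistinguishable from abuse to the server.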

Attribution & licensing

The API is free to use. Each record is built from public and openly-licensed sources, and every remediation entry carries its own source and license so you can honor the terms of each. If you redistribute the data, preserve those per-record attributions. A full breakdown of every source and its license is on the about & data sources page.

The same remediation data powers TridentStack Control, which automates patching, vulnerability detection, and compliance across your fleet.