# CVE Vulnerability API
> Look up software vulnerabilities by their CVE identifier and get clean, structured details — title, description, CVSS score, severity and vector, CWE weakness types, affected vendors and products with version ranges, and reference links — plus search every CVE that affects a given vendor or product, and stream the most recently published CVEs. Sourced from the CIRCL CVE Search service over the official CVE Record 5.1 data and returned as tidy JSON through a fast, reliable API. Ideal for vulnerability management and SOC tooling, DevSecOps and SCA pipelines, security dashboards, compliance and asset-risk monitoring.

## Authentication
All requests require your oanor API key in the `x-oanor-key` header. Get one at https://www.oanor.com/developer/keys.

```bash
curl -H "x-oanor-key: oanor_live_…" "https://api.oanor.com/cve-api/..."
```

## Pricing
- **Free** (Free) — 1,500 calls/Mo, 1 req/s
- **Basic** ($4/Mo) — 25,000 calls/Mo, 5 req/s
- **Pro** ($16/Mo) — 150,000 calls/Mo, 15 req/s
- **Mega** ($40/Mo) — 600,000 calls/Mo, 40 req/s

## Endpoints

### CVE

#### `GET /v1/cve` — CVE by id

**Parameters:**
- `id` (query, required, string) — CVE id. Example: `CVE-2021-44228`

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/cve-api/v1/cve?id=CVE-2021-44228"
```

**Response:**
```json
{
    "data": {
        "id": "CVE-2021-44228",
        "cwe": [
            {
                "id": "CWE-502",
                "name": "CWE-502 Deserialization of Untrusted Data"
            },
            {
                "id": "CWE-400",
                "name": "CWE-400 Uncontrolled Resource Consumption"
            },
            {
                "id": "CWE-20",
                "name": "CWE-20 Improper Input Validation"
            }
        ],
        "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
        "cvss": {
            "score": 10,
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "V3.1",
            "severity": "CRITICAL"
        },
        "state": "PUBLISHED",
        "title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
        "updated": "2025-10-21T23:25:23.121Z",
        "affected": [
            {
                "vendor": "Apache Software Foundation",
                "product": "Apache Log4j2",
                "versions": [
                    "2.0-beta9"
                ]
            }
        ],
        "assigner": "apache",
        "published": "2021-12-10T00:00:00.000Z",
        "references": [
            "https://logging.apache.org/log4j/2.x/security.html",
            "http://www.openwall.com/lists/oss-security/2021/12/10/1",
            "http://www.openwall.com/lists/oss-security/2021/12/10/2",
            "https://tools.cisc
…(truncated, see openapi.json for full schema)
```

#### `GET /v1/recent` — Recently published CVEs

**Parameters:**
- `limit` (query, optional, string) — 1-30 (default 20). Example: `20`

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/cve-api/v1/recent?limit=20"
```

**Response:**
```json
{
    "data": {
        "count": 20,
        "results": [
            {
                "id": null,
                "cwe": [],
                "url": null,
                "cvss": null,
                "state": null,
                "title": null,
                "updated": null,
                "affected": [],
                "assigner": null,
                "published": null,
                "references": [],
                "description": null
            },
            {
                "id": "CVE-2026-10127",
                "cwe": [
                    {
                        "id": "CWE-77",
                        "name": "Command Injection"
                    },
                    {
                        "id": "CWE-74",
                        "name": "Injection"
                    }
                ],
                "url": "https://www.cve.org/CVERecord?id=CVE-2026-10127",
                "cvss": {
                    "score": 5.3,
                    "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                    "version": "V4.0",
                    "severity": "MEDIUM"
                },
                "state": "PUBLISHED",
                "title": "Edimax BR-6478AC POST Request formStaDrvSetup command injection",
                "updated": "2026-05-30T16:30:08.799Z",
                "affected": [
                    {
                        "vendor": "Edimax",
                        "product": "BR-6478AC",
       
…(truncated, see openapi.json for full schema)
```
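The sample response above contains a record whose fields are all `null`, and its scored records mix CVSS 3.1 and 4.0 vectors, so a consumer has to handle both before alerting on anything. The following triage sketch is an added example, not code from the API provider; the function names, the severity floor and the `CVE-0000-00000` placeholder id are assumptions made for illustration.

```python
SEVERITY_RANK = {"NONE": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def parse_vector(vector):
    """Split 'CVSS:4.0/AV:N/...' into (version, {metric: value})."""
    head, *metrics = vector.split("/")
    prefix, _, version = head.partition(":")
    if prefix != "CVSS" or not version:
        raise ValueError(f"not a CVSS v3/v4 vector: {vector!r}")
    return version, dict(m.split(":", 1) for m in metrics)

def triage(payload, min_severity="HIGH"):
    """Return (kept, placeholders, unscored) for a /v1/recent-style payload."""
    floor = SEVERITY_RANK[min_severity]
    kept, placeholders, unscored = [], 0, []
    for rec in payload["data"]["results"]:
        if not rec.get("id"):  # all-null record, as in the sample response
            placeholders += 1
            continue
        cvss = rec.get("cvss") or {}
        rank = SEVERITY_RANK.get(cvss.get("severity"))
        if rank is None:  # no usable score: route to manual review, do not drop
            unscored.append(rec["id"])
            continue
        if rank < floor:
            continue
        version, metrics = parse_vector(cvss["vector"])
        kept.append({"id": rec["id"], "severity": cvss["severity"],
                     "cvss_version": version,
                     "remote_unauth": metrics.get("AV") == "N" and metrics.get("PR") == "N",
                     "products": [f'{a["vendor"]} {a["product"]}'
                                  for a in rec.get("affected") or []]})
    kept.sort(key=lambda r: SEVERITY_RANK[r["severity"]], reverse=True)
    return kept, placeholders, unscored

def sample_record(cve_id, cvss, affected=()):
    return {"id": cve_id, "cvss": cvss, "affected": list(affected)}

# Constructed sample: record shapes and the two scored records are taken from
# the responses on this page; "CVE-0000-00000" is a placeholder id.
SAMPLE = {"data": {"count": 4, "results": [
    sample_record(None, None),
    sample_record("CVE-2026-10127", {"score": 5.3, "version": "V4.0", "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},
        [{"vendor": "Edimax", "product": "BR-6478AC"}]),
    sample_record("CVE-2021-44228", {"score": 10, "version": "V3.1", "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},
        [{"vendor": "Apache Software Foundation", "product": "Apache Log4j2"}]),
    sample_record("CVE-0000-00000", None),
]}}
```

Unscored records are returned separately instead of being filtered out, so a newly published CVE without a CVSS block still reaches an analyst.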

#### `GET /v1/search` — CVEs by vendor / product

**Parameters:**
- `vendor` (query, required, string) — Vendor. Example: `apache`
- `product` (query, optional, string) — Product (defaults to vendor). Example: `log4j`
- `page` (query, optional, string) — Page (default 1). Example: `1`
- `limit` (query, optional, string) — 1-50 (default 20). Example: `20`

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/cve-api/v1/search?vendor=apache&product=log4j&page=1&limit=20"
```

**Response:**
```json
{
    "data": {
        "page": 1,
        "count": 5,
        "total": 52,
        "vendor": "apache",
        "product": "log4j",
        "results": [
            {
                "id": "CVE-2026-34481",
                "cwe": [
                    {
                        "id": "CWE-116",
                        "name": "CWE-116 Improper Encoding or Escaping of Output"
                    }
                ],
                "url": "https://www.cve.org/CVERecord?id=CVE-2026-34481",
                "cvss": {
                    "score": 6.3,
                    "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
                    "version": "V4.0",
                    "severity": "MEDIUM"
                },
                "state": "PUBLISHED",
                "title": "Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout",
                "updated": "2026-04-10T17:41:38.229Z",
                "affected": [
                    {
                        "vendor": "Apache Software Foundation",
                        "product": "Apache Log4j JSON Template Layout",
                        "versions": [
                            "2.14.0",
                            "3.0.0-alpha1"
                        ]
                    }
                ],
                "assigner": "apache",
                "published": "2026-04-10T15:43:00.100Z",
                "references": [
              
…(truncated, see openapi.json for full schema)
```
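A search reports `total` alongside the current `page`, so building a complete inventory for a vendor means walking the pages while staying under the plan's req/s ceiling. The paginator below is an added example, not code from the API provider. Its stop conditions (an empty or repeated page, `total` reached, or a page cap) are assumptions, since the page does not document end-of-results behaviour; the `OANOR_KEY` environment variable name and the `fake_fetch` stand-in are also hypothetical.

```python
import json, os, time, urllib.parse, urllib.request

BASE = "https://api.oanor.com/cve-api/v1/search"

def http_fetch(params):
    """One real call; the key is read from the environment, never hard-coded."""
    req = urllib.request.Request(BASE + "?" + urllib.parse.urlencode(params),
                                 headers={"x-oanor-key": os.environ["OANOR_KEY"]})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def search_all(vendor, product=None, fetch=http_fetch, req_per_s=1.0,
               limit=50, max_pages=20, sleep=time.sleep):
    """Collect every result for vendor/product, one page at a time."""
    params = {"vendor": vendor, "limit": limit}
    if product:
        params["product"] = product
    seen, out = set(), []
    for page in range(1, max_pages + 1):
        if page > 1:
            sleep(1.0 / req_per_s)  # stay under the plan's req/s ceiling
        data = fetch({**params, "page": page})["data"]
        fresh = [r for r in data["results"] if r.get("id") and r["id"] not in seen]
        if not fresh:  # empty or repeated page: stop instead of looping
            break
        seen.update(r["id"] for r in fresh)
        out.extend(fresh)
        if len(out) >= data.get("total", float("inf")):
            break
    return out

def fake_fetch(params, total=7):
    """Constructed stand-in for the API: placeholder records, paged."""
    ids = [f"CVE-0000-{n:05d}" for n in range(total)]
    start = (params["page"] - 1) * params["limit"]
    chunk = ids[start:start + params["limit"]]
    return {"data": {"page": params["page"], "count": len(chunk), "total": total,
                     "results": [{"id": i} for i in chunk]}}
```

Pass `req_per_s` for your tier (1 on Free, 5 on Basic, and so on); `max_pages` bounds the call budget if the service ever returns inconsistent totals.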


---
Marketplace page: https://www.oanor.com/api/cve-api
OpenAPI spec: https://www.oanor.com/api/cve-api/openapi.json
