{"openapi":"3.1.0","info":{"title":"Vulnerability Intelligence API","version":"1.0.0","description":"Prioritise CVEs by real-world exploitation risk — not just severity. Combines the FIRST.org EPSS score (the probability, 0 to 1, that a CVE will be exploited in the next 30 days, with its percentile rank) and the CISA KEV catalog (vulnerabilities confirmed to be actively exploited in the wild — with the vendor, product, date added, remediation due date and whether the flaw is used in ransomware campaigns), and derives a single priority level for each CVE. Look up as many as 25 CVEs in one call, browse the full CISA Known Exploited Vulnerabilities catalog filtered by vendor, product or ransomware use, or list the CVEs with the highest current EPSS scores. Built for vulnerability management, patch prioritisation, risk scoring and security dashboards — answering not \"how bad could this be?\" but \"how likely is it to actually be exploited?\". A vulnerability-prioritisation layer — distinct from raw CVE details and CVSS severity (cve), password-breach checks (pwned) and the HTTP security-header grader (secheaders). Data live from FIRST.org and CISA. 
No upstream key, no cache.","contact":{"name":"PremiumApi","url":"https://www.oanor.com/by/premiumapi"}},"servers":[{"url":"https://api.oanor.com/vulnintel-api","description":"oanor gateway"}],"tags":[{"name":"Vulnerability Intelligence"},{"name":"Meta"}],"components":{"securitySchemes":{"oanorKey":{"type":"apiKey","in":"header","name":"x-oanor-key","description":"Get your key at https://www.oanor.com/developer/keys"}}},"security":[{"oanorKey":[]}],"paths":{"/v1/cve":{"get":{"operationId":"get_v1_cve","tags":["Vulnerability Intelligence"],"summary":"EPSS + KEV intelligence for a CVE","description":"","parameters":[{"name":"cve","in":"query","required":true,"description":"CVE id(s), comma-separated (max 25)","schema":{"type":"string"},"example":"CVE-2021-44228"}],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"count":1,"results":[{"cve":"CVE-2021-44228","kev":{"cve":"CVE-2021-44228","name":"Apache Log4j2 Remote Code Execution Vulnerability","listed":true,"vendor":"Apache","product":"Log4j2","due_date":"2021-12-24","date_added":"2021-12-10","required_action":"For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. 
Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.","known_ransomware":true},"epss":{"date":"2026-06-01","score":0.94358,"percentile":0.99964},"priority":"critical — actively exploited (CISA KEV)"}],"kev_catalog_version":"2026.06.01"},"meta":{"timestamp":"2026-06-01T23:40:49.098Z","request_id":"86f9000d-112f-4def-92a5-73f0003bc983"},"status":"ok","message":"CVE intelligence retrieved","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}},"/v1/kev":{"get":{"operationId":"get_v1_kev","tags":["Vulnerability Intelligence"],"summary":"Browse the CISA KEV catalog","description":"","parameters":[{"name":"vendor","in":"query","required":false,"description":"Filter by vendor","schema":{"type":"string"}},{"name":"product","in":"query","required":false,"description":"Filter by product","schema":{"type":"string"}},{"name":"ransomware","in":"query","required":false,"description":"true = ransomware-linked only","schema":{"type":"string"}},{"name":"limit","in":"query","required":false,"description":"1-200 (default 20)","schema":{"type":"string"}},{"name":"offset","in":"query","required":false,"description":"Paging offset","schema":{"type":"string"}}],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"count":20,"limit":20,"total":1608,"offset":0,"catalog_version":"2026.06.01","vulnerabilities":[{"cve":"CVE-2024-21182","name":"Oracle WebLogic Server Unspecified Vulnerability","vendor":"Oracle","product":"WebLogic Server","due_date":"2026-06-04","date_added":"2026-06-01","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or 
discontinue use of the product if mitigations are unavailable.","known_ransomware":false},{"cve":"CVE-2026-0257","name":"Palo Alto Networks PAN-OS Authentication Bypass Vulnerability","vendor":"Palo Alto Networks","product":"PAN-OS","due_date":"2026-06-01","date_added":"2026-05-29","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","known_ransomware":false},{"cve":"CVE-2026-48027","name":"Nx Console Embedded Malicious Code Vulnerability","vendor":"Nx","product":"Nx Console","due_date":"2026-06-10","date_added":"2026-05-27","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","known_ransomware":true},{"cve":"CVE-2026-45321","name":"TanStack Unspecified Vulnerability","vendor":"TanStack","product":"TanStack","due_date":"2026-06-10","date_added":"2026-05-27","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","known_ransomware":true},{"cve":"CVE-2026-8398","name":"Daemon Tools Lite Embedded Malicious Code Vulnerability","vendor":"Daemon","product":"Daemon Tools Lite","due_date":"2026-05-30","date_added":"2026-05-27","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","known_ransomware":false},{"cve":"CVE-2026-48172","name":"LiteSpeed cPanel Plugin Privilege Escalation Vulnerability","vendor":"LiteSpeed","product":"cPanel Plugin","due_date":"2026-05-29","date_added":"2026-05-26","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations 
are unavailable.","known_ransomware":false},{"cve":"CVE-2026-9082","name":"Drupal Core SQL Injection Vulnerability","vendor":"Drupal","product":"Core","due_date":"2026-05-27","date_added":"2026-05-22","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","known_ransomware":false},{"cve":"CVE-2025-34291","name":"Langflow Origin Validation Error Vulnerability","vendor":"Langflow","product":"Langflow","due_date":"2026-06-04","date_added":"2026-05-21","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","known_ransomware":false},{"cve":"CVE-2026-34926","name":"Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability","vendor":"Trend Micro","product":"Apex One","due_date":"2026-06-04","date_added":"2026-05-21","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","known_ransomware":false},{"cve":"CVE-2008-4250","name":"Microsoft Windows Buffer Overflow Vulnerability","vendor":"Microsoft","product":"Windows","due_date":"2026-06-03","date_added":"2026-05-20","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","known_ransomware":false},{"cve":"CVE-2009-1537","name":"Microsoft DirectX NULL Byte Overwrite Vulnerability","vendor":"Microsoft","product":"DirectX","due_date":"2026-06-03","date_added":"2026-05-20","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are 
unavailable.","known_ransomware":false},{"cve":"CVE-2009-3459","name":"Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability","vendor":"Adobe","product":"Acrobat and Reader","due_date":"2026-06-03","date_added":"2026-05-20","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","known_ransomware":false},{"cve":"CVE-2010-0249","name":"Microsoft Internet Explorer Use-After-Free Vulnerability","vendor":"Microsoft","product":"Internet Explorer","due_date":"2026-06-03","date_added":"2026-05-20","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","known_ransomware":false},{"cve":"CVE-2010-0806","name":"Microsoft Internet Explorer Use-After-Free Vulnerability","vendor":"Microsoft","product":"Internet Explorer","due_date":"2026-06-03","date_added":"2026-05-20","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","known_ransomware":false},{"cve":"CVE-2026-41091","name":"Microsoft Defender Link Following Vulnerability","vendor":"Microsoft","product":"Defender","due_date":"2026-06-03","date_added":"2026-05-20","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","known_ransomware":false},{"cve":"CVE-2026-45498","name":"Microsoft Defender Denial of Service Vulnerability","vendor":"Microsoft","product":"Defender","due_date":"2026-06-03","date_added":"2026-05-20","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are 
unavailable.","known_ransomware":false},{"cve":"CVE-2026-42897","name":"Microsoft Exchange Server Cross-Site Scripting Vulnerability","vendor":"Microsoft","product":"Microsoft","due_date":"2026-05-29","date_added":"2026-05-15","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","known_ransomware":false},{"cve":"CVE-2026-20182","name":"Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability","vendor":"Cisco","product":"Catalyst SD-WAN","due_date":"2026-05-17","date_added":"2026-05-14","required_action":"Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.","known_ransomware":false},{"cve":"CVE-2026-42208","name":"BerriAI LiteLLM SQL Injection Vulnerability","vendor":"BerriAI","product":"LiteLLM","due_date":"2026-05-11","date_added":"2026-05-08","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","known_ransomware":false},{"cve":"CVE-2026-6973","name":"Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability","vendor":"Ivanti","product":"Endpoint Manager Mobile (EPMM)","due_date":"2026-05-10","date_added":"2026-05-07","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are 
unavailable.","known_ransomware":false}]},"meta":{"timestamp":"2026-06-01T23:40:49.255Z","request_id":"91b1fb0c-1263-4a80-a1e4-f92b8b7f3bd4"},"status":"ok","message":"KEV catalog retrieved","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}},"/v1/top":{"get":{"operationId":"get_v1_top","tags":["Vulnerability Intelligence"],"summary":"Highest-EPSS CVEs","description":"","parameters":[{"name":"limit","in":"query","required":false,"description":"1-100 (default 20)","schema":{"type":"string"},"example":"10"}],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"count":10,"results":[{"cve":"CVE-2023-23752","date":"2026-06-01","epss":0.9452,"percentile":1},{"cve":"CVE-2017-8917","date":"2026-06-01","epss":0.94513,"percentile":1},{"cve":"CVE-2018-7600","date":"2026-06-01","epss":0.94489,"percentile":1},{"cve":"CVE-2021-22986","date":"2026-06-01","epss":0.94485,"percentile":0.99999},{"cve":"CVE-2018-1000861","date":"2026-06-01","epss":0.94485,"percentile":1},{"cve":"CVE-2017-1000353","date":"2026-06-01","epss":0.94479,"percentile":0.99999},{"cve":"CVE-2018-13379","date":"2026-06-01","epss":0.94473,"percentile":0.99999},{"cve":"CVE-2019-3396","date":"2026-06-01","epss":0.94471,"percentile":0.99998},{"cve":"CVE-2019-17558","date":"2026-06-01","epss":0.9447,"percentile":0.99998},{"cve":"CVE-2022-46169","date":"2026-06-01","epss":0.94469,"percentile":0.99998}]},"meta":{"timestamp":"2026-06-01T23:40:49.364Z","request_id":"7b27a8f2-c7ce-4377-90cb-4ff3264c623c"},"status":"ok","message":"Top EPSS CVEs retrieved","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota 
reached"},"502":{"description":"Upstream did not respond"}}}},"/v1/meta":{"get":{"operationId":"get_v1_meta","tags":["Meta"],"summary":"Sources & priority levels","description":"","parameters":[],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"note":"Prioritise CVEs by real-world exploitation risk, not just severity. /v1/cve?cve=CVE-2021-44228 combines the FIRST.org EPSS score (the probability — 0 to 1 — that a CVE will be exploited in the next 30 days, with its percentile rank) and the CISA KEV catalog (vulnerabilities confirmed to be exploited in the wild, with the vendor, product, date added, remediation due date and whether it is used in ransomware), and derives a single priority level. Look up to 25 CVEs at once. /v1/kev browses the full CISA Known Exploited Vulnerabilities catalog, filterable by vendor, product or ransomware use. /v1/top lists the CVEs with the highest current EPSS scores. Built for vulnerability management, patch prioritisation, risk scoring and security dashboards — answering not 'how bad could this be?' but 'how likely is it to actually be exploited?'. A vulnerability-prioritisation layer — distinct from raw CVE details and CVSS severity (cve), password-breach checks (pwned) and the security-header grader (secheaders). Data live from FIRST.org and CISA. 
No key, no cache.","sources":["FIRST.org EPSS (api.first.org)","CISA Known Exploited Vulnerabilities (cisagov KEV)"],"endpoints":["/v1/cve","/v1/kev","/v1/top","/v1/meta"],"priority_levels":["critical — actively exploited (CISA KEV)","high (EPSS ≥ 0.5)","medium (EPSS ≥ 0.1)","low","unknown"]},"meta":{"timestamp":"2026-06-01T23:40:49.473Z","request_id":"99d7ae4d-9b38-47ba-b935-1b78ccba88c6"},"status":"ok","message":"Meta retrieved","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}}},"x-oanor-pricing":[{"slug":"free","name":"Free","price_cents_month":0,"monthly_call_quota":2320,"rps_limit":2,"hard_limit":true},{"slug":"starter","name":"Starter","price_cents_month":675,"monthly_call_quota":46000,"rps_limit":8,"hard_limit":true},{"slug":"pro","name":"Pro","price_cents_month":2140,"monthly_call_quota":236000,"rps_limit":20,"hard_limit":true},{"slug":"mega","name":"Mega","price_cents_month":5620,"monthly_call_quota":870000,"rps_limit":50,"hard_limit":true}],"x-oanor-marketplace-url":"https://www.oanor.com/api/vulnintel-api"}