Merge-pony Merge-pony - 11 months ago 121
HTTP Question

CVE Details API , get vulnerabilities by component

I need to get vulnerabilities by component at JSON format, but all I've get by using CVE Details API just single vulnerabilities where no components or something, only describe.

Here is an example of link

http://www.cvedetails.com/json-feed.php?numrows=10&vendor_id=0&product_id=0&version_id=0&hasexp=0&opec=0&opov=0&opcsrf=0&opfileinc=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opginf=0&opdos=0&orderby=3&cvssscoremin=0


Here is an example of JSON:

{
"cve_id": "CVE-2016-4951",
"cwe_id": "0",
"summary": "The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation.",
"cvss_score": "7.2",
"exploit_count": "0",
"publish_date": "2016-05-23",
"update_date": "2016-05-24",
"url": "http://www.cvedetails.com/cve/CVE-2016-4951/"
}


Are there any way to get vulnerabilities by name of component? (new and old)

Answer Source

Red Hat maintains a CVE API that can be searched by component, e.g.:

https://access.redhat.com/labs/securitydataapi/cve.json?package=kernel&after=2017-02-17

Documentation for the API can be found here.

Note that the data is probably limited to components in Red Hat products.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download