#vulnerability

Prioritise CVEs by real-world exploitation risk — not just severity. Combines the FIRST.org EPSS score (the probability, 0 to 1, that a CVE will be exploited in the next 30 days, with its percentile rank) and the CISA KEV catalog (vulnerabilities confirmed to be actively exploited in the wild — with the vendor, product, date added, remediation due date and whether the flaw is used in ransomware campaigns), and derives a single priority level for each CVE. Look up to 25 CVEs in one call, browse the full CISA Known Exploited Vulnerabilities catalog filtered by vendor, product or ransomware use, or list the CVEs with the highest current EPSS scores. Built for vulnerability management, patch prioritisation, risk scoring and security dashboards — answering not "how bad could this be?" but "how likely is it to actually be exploited?". A vulnerability-prioritisation layer — distinct from raw CVE details and CVSS severity (cve), password-breach checks (pwned) and the HTTP security-header grader (secheaders). Data live from FIRST.org and CISA. No upstream key, no cache.

api.oanor.com/vulnintel-api

Look up software vulnerabilities by their CVE identifier and get clean, structured details — title, description, CVSS score, severity and vector, CWE weakness types, affected vendors and products with version ranges, and reference links — plus search every CVE that affects a given vendor or product, and stream the most recently published CVEs. Sourced from the CIRCL CVE Search service over the official CVE Record 5.1 data and returned as tidy JSON through a fast, reliable API. Ideal for vulnerability management and SOC tooling, DevSecOps and SCA pipelines, security dashboards, compliance and asset-risk monitoring.

api.oanor.com/cve-api