API Overview
The Vulnpatch API provides programmatic access to vulnerability data aggregated from multiple sources.
Base URL
https://api.vulnpatch.dev/api/v1/Endpoints Summary
| Method | Endpoint | Description |
|---|---|---|
GET | /stats | Get vulnerability statistics |
GET | /issues | List tracked CVE issues |
GET | /repology/:package | Get package version info from Repology |
GET | /osv/:package | Get vulnerabilities from OSV.dev |
GET | /vulns/:package | Get CVE matches with confidence scores |
GET | /osv-details/:id | Get detailed vulnerability information |
Common Parameters
Query Parameters
| Parameter | Type | Description |
|---|---|---|
ecosystem | string | Filter by ecosystem (e.g., npm, PyPI, Debian) |
version | string | Filter by package version |
Headers
| Header | Description |
|---|---|
Accept | Always returns application/json |
Response Format
Success Response
json
{
"success": true,
"data": {
// Endpoint-specific data
},
"timestamp": "2024-01-15T12:00:00.000Z"
}Error Response
json
{
"success": false,
"error": "Error message describing what went wrong"
}HTTP Status Codes
| Code | Description |
|---|---|
200 | Success |
400 | Bad request (invalid parameters) |
404 | Resource not found |
429 | Rate limit exceeded |
500 | Internal server error |
CORS
The API supports CORS for browser-based applications. All origins are allowed for read-only endpoints.
Caching
Responses include cache headers:
| Header | Description |
|---|---|
X-Cache | HIT if served from cache, MISS otherwise |
Cache-Control | Browser caching directives |
SDKs & Libraries
Currently, there are no official SDKs. The API is designed to be easily consumed with standard HTTP clients:
bash
curl https://api.vulnpatch.dev/api/v1/statsjavascript
const response = await fetch('https://api.vulnpatch.dev/api/v1/stats');
const data = await response.json();python
import requests
response = requests.get('https://api.vulnpatch.dev/api/v1/stats')
data = response.json()