Skip to content

Latest vulnerabilities (last 24 hours)

GET
/latest
curl --request GET \
--url 'https://patchstack.com/database/api/beta/latest?platform=wordpress&page=1&per_page=100&include=details' \
--header 'PSKey: <PSKey>'

Returns vulnerabilities whose row was inserted into the Patchstack database in the last 24 hours. The filter is on created_at (insertion time), not disclosure_date.

Accepts the same query parameters as /all.

platform
string
default: wordpress
Allowed values: wordpress npm

Platform to query. Case-insensitive.

page
integer
default: 1 >= 1

Offset-pagination page (1-indexed). Mutually exclusive with cursor.

per_page
integer
default: 100 >= 1 <= 500

Page size.

cursor
string

Opaque cursor. Presence of the param switches to cursor mode (send an empty value to bootstrap). Mutually exclusive with page.

include
string
Allowed values: details

Pass details to include the full advisory body (advisory_details) per item.

Paginated 24h vulnerability listing.

Media type application/json
One of:
object
vulnerabilities
required
Array<object>

Per-item shape shared across list endpoints when platform=npm.

object
id
required

Stable Patchstack vulnerability id.

integer
title
required

Human-readable title (prefixed with NPM: for npm advisories).

string
disclosed_at
required

When the vulnerability was publicly disclosed.

string format: date-time
created_at
required

When the row was inserted into the Patchstack DB. Drives /latest windowing.

string format: date-time
url
required

Public Patchstack vulnerability page (token-tagged).

string format: uri
vuln_type
required

High-level vulnerability category.

string
cve
required

First CVE identifier, or empty string when none is assigned.

string
is_exploited
required

Whether exploitation has been observed in the wild.

boolean
patch_priority
required

1 (low) to 3 (high).

integer
>= 1 <= 3
advisory_details

Full advisory body (markdown). Only present when ?include=details was passed.

string
product
required
object
id
required
integer
name
required
string
slug
required
string
cvss
required
object
score
number format: float
nullable
vector
string
nullable
cwe
required
object
id
integer
nullable
name
string
nullable
capec
required
object
id
integer
nullable
name
string
nullable
references
required

External reference URLs (advisories, commits, tags).

Array<string>
ghsa
required

GHSA identifier when the advisory came from the GitHub Advisory Database.

string
version_info
required
object
affected
required

Affected version range (e.g. <= 2026.3.28).

string
fixed
required

First fixed version.

string
patched_ranges
required

Structured list of patch ranges for advisories with multiple patch ranges.

Array<object>
object
from_version
string
to_version
string
fixed_in
string
pagination
required
object
current_page
required
integer
per_page
required
integer
total
required
integer
total_pages
required
integer
has_next_page
required
boolean
has_previous_page
required
boolean
next_page
integer
nullable
previous_page
integer
nullable
from
required
integer
to
required
integer
Example
{
"vulnerabilities": [
{
"id": 46500,
"title": "NPM: OpenClaw: ...",
"disclosed_at": "2026-04-03T03:15:56+00:00",
"created_at": "2026-04-21T08:38:34+00:00",
"url": "https://patchstack.com/database/npm/npm/openclaw/vulnerability/...",
"vuln_type": "Other Vulnerability Type",
"cve": "2026-41331",
"is_exploited": false,
"patch_priority": 2,
"advisory_details": "## Summary\n...",
"product": {
"id": 23595,
"name": "openclaw",
"slug": "openclaw"
},
"cvss": {
"score": 6.9,
"vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
},
"cwe": {
"id": 770,
"name": "Allocation of Resources Without Limits or Throttling"
},
"capec": {
"id": null,
"name": null
},
"references": [
"https://github.com/openclaw/openclaw/security/advisories/GHSA-m6fx-m8hc-572m",
"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
],
"ghsa": "GHSA-m6fx-m8hc-572m",
"version_info": {
"affected": "<= 2026.3.28",
"fixed": "2026.3.31",
"patched_ranges": []
}
}
],
"pagination": {
"current_page": 1,
"per_page": 25,
"total": 6115,
"total_pages": 245,
"has_next_page": true,
"has_previous_page": false,
"next_page": 2,
"previous_page": null,
"from": 1,
"to": 25
}
}

Missing or invalid PSKey header.

API key not authorised for the requested endpoint.

Invalid parameter combination (e.g. cursor + page), invalid platform, or per_page > 500.

Rate limit exceeded.