Latest vulnerabilities (last 24 hours)
const url = 'https://patchstack.com/database/api/beta/latest?platform=wordpress&page=1&per_page=100&include=details';const options = {method: 'GET', headers: {PSKey: '<PSKey>'}};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url 'https://patchstack.com/database/api/beta/latest?platform=wordpress&page=1&per_page=100&include=details' \ --header 'PSKey: <PSKey>'Returns vulnerabilities whose row was inserted into the Patchstack
database in the last 24 hours. The filter is on created_at
(insertion time), not disclosure_date.
Accepts the same query parameters as /all.
Authorizations
Section titled “Authorizations ”Parameters
Section titled “ Parameters ”Query Parameters
Section titled “Query Parameters ”Platform to query. Case-insensitive.
Offset-pagination page (1-indexed). Mutually exclusive with cursor.
Page size.
Opaque cursor. Presence of the param switches to cursor mode (send an
empty value to bootstrap). Mutually exclusive with page.
Pass details to include the full advisory body (advisory_details) per item.
Responses
Section titled “ Responses ”Paginated 24h vulnerability listing.
object
Per-item shape shared across list endpoints when platform=npm.
object
Stable Patchstack vulnerability id.
Human-readable title (prefixed with NPM: for npm advisories).
When the vulnerability was publicly disclosed.
When the row was inserted into the Patchstack DB. Drives /latest windowing.
Public Patchstack vulnerability page (token-tagged).
High-level vulnerability category.
First CVE identifier, or empty string when none is assigned.
Whether exploitation has been observed in the wild.
1 (low) to 3 (high).
Full advisory body (markdown). Only present when ?include=details was passed.
object
object
object
object
External reference URLs (advisories, commits, tags).
GHSA identifier when the advisory came from the GitHub Advisory Database.
object
Affected version range (e.g. <= 2026.3.28).
First fixed version.
Structured list of patch ranges for advisories with multiple patch ranges.
object
object
object
Per-item shape shared across list endpoints when platform=npm.
object
Stable Patchstack vulnerability id.
Human-readable title (prefixed with NPM: for npm advisories).
When the vulnerability was publicly disclosed.
When the row was inserted into the Patchstack DB. Drives /latest windowing.
Public Patchstack vulnerability page (token-tagged).
High-level vulnerability category.
First CVE identifier, or empty string when none is assigned.
Whether exploitation has been observed in the wild.
1 (low) to 3 (high).
Full advisory body (markdown). Only present when ?include=details was passed.
object
object
object
object
External reference URLs (advisories, commits, tags).
GHSA identifier when the advisory came from the GitHub Advisory Database.
object
Affected version range (e.g. <= 2026.3.28).
First fixed version.
Structured list of patch ranges for advisories with multiple patch ranges.
object
object
Opaque cursor for the next page. null when there are no more pages.
Example
{ "vulnerabilities": [ { "id": 46500, "title": "NPM: OpenClaw: ...", "disclosed_at": "2026-04-03T03:15:56+00:00", "created_at": "2026-04-21T08:38:34+00:00", "url": "https://patchstack.com/database/npm/npm/openclaw/vulnerability/...", "vuln_type": "Other Vulnerability Type", "cve": "2026-41331", "is_exploited": false, "patch_priority": 2, "advisory_details": "## Summary\n...", "product": { "id": 23595, "name": "openclaw", "slug": "openclaw" }, "cvss": { "score": 6.9, "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, "cwe": { "id": 770, "name": "Allocation of Resources Without Limits or Throttling" }, "capec": { "id": null, "name": null }, "references": [ "https://github.com/openclaw/openclaw/security/advisories/GHSA-m6fx-m8hc-572m", "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31" ], "ghsa": "GHSA-m6fx-m8hc-572m", "version_info": { "affected": "<= 2026.3.28", "fixed": "2026.3.31", "patched_ranges": [] } } ], "pagination": { "current_page": 1, "per_page": 25, "total": 6115, "total_pages": 245, "has_next_page": true, "has_previous_page": false, "next_page": 2, "previous_page": null, "from": 1, "to": 25 }}Missing or invalid PSKey header.
API key not authorised for the requested endpoint.
Invalid parameter combination (e.g. cursor + page), invalid platform, or per_page > 500.
Rate limit exceeded.