Bulk product check
const url = 'https://patchstack.com/database/api/v2/batch';const options = { method: 'POST', headers: {PSKey: '<PSKey>', 'Content-Type': 'application/json'}, body: '[{"name":"easy-digital-downloads1","version":"1.0.0","type":"plugin","exists":true},{"name":"wordpress","version":"3.0.0","type":"wordpress","exists":true}]'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://patchstack.com/database/api/v2/batch \ --header 'Content-Type: application/json' \ --header 'PSKey: <PSKey>' \ --data '[ { "name": "easy-digital-downloads1", "version": "1.0.0", "type": "plugin", "exists": true }, { "name": "wordpress", "version": "3.0.0", "type": "wordpress", "exists": true } ]'Check up to 50 products in a single request. Items with exists: true
return a boolean per slug; items with exists: false return the full
advisory list per slug.
The response is keyed by product_slug, not by array index —
duplicate slugs in the request collapse.
Authorizations
Section titled “Authorizations ”Request Body required
Section titled “Request Body required ”object
Product slug (plugin/theme slug, or wordpress).
Concrete version.
When true, return a boolean-only result for this item.
Examples
Boolean-only across all items
[ { "name": "easy-digital-downloads1", "version": "1.0.0", "type": "plugin", "exists": true }, { "name": "wordpress", "version": "3.0.0", "type": "wordpress", "exists": true }]Mix of full advisory list and boolean
[ { "name": "easy-digital-downloads1", "version": "1.0.0", "type": "plugin", "exists": false }, { "name": "wordpress", "version": "3.0.0", "type": "wordpress", "exists": true }]Responses
Section titled “ Responses ”Per-slug results.
object
object
Flat per-item shape returned by the Extended tier. Superset of the
Standard shape — adds description, vuln_type, cvss_score, cve,
is_exploited, patch_priority, affected_in, and
patched_in_ranges.
object
Stable Patchstack vulnerability id.
Stable Patchstack product id.
Human-readable title including product name, affected version, and vulnerability type.
Short narrative summary of the advisory.
Disclosure date in YYYY-MM-DD HH:MM:SS form (legacy).
Disclosure date in ISO 8601.
When the row was inserted into the Patchstack database (ISO 8601). Drives /latest windowing.
URL slug for the advisory.
Lowercase slug of the product.
Display name of the product.
Premium variant name when the author ships two plugins under the same slug. null in the common case.
Product ecosystem.
High-level vulnerability category (e.g. SQL Injection, Cross Site Scripting (XSS)).
CVSS base score, 1.0–10.0. null for unclassified advisories.
CVE identifiers. An advisory can have zero, one, or multiple.
Whether exploitation has been observed in the wild.
Recommended patch urgency.
1— Low → patch within 30 days2— Medium → patch within 7 days3+— High → patch immediatelynull— unknown
Affected version range. Formats include <= x.x.x, < x.x.x,
x.x.x-x.x.x, x.x.x,x.x.x, or a single x.x.x.
First fixed version. Empty string when Patchstack has not yet recorded one.
For products that ship patches across multiple minor lines
(WordPress core, WooCommerce, Ninja Forms, …), each entry
describes a from_version–to_version range and its fix.
object
Starting version, inclusive.
Ending version, inclusive.
Version that contains the patch for this range.
Public Patchstack vulnerability page.
Examples
Boolean-only response
{ "vulnerabilities": { "easy-digital-downloads1": true, "wordpress": true }}Mixed response
{ "vulnerabilities": { "easy-digital-downloads1": [ { "id": 4532, "product_id": 1572, "title": "WordPress Easy Digital Downloads plugin <= 2.10.2 - Cross-Site Request Forgery (CSRF) vulnerability", "description": "Cross-Site Request Forgery (CSRF) vulnerability discovered by WPScan team in WordPress Easy Digital Downloads plugin (versions <= 2.10.2).", "disclosure_date": "2021-04-16 00:00:00", "disclosed_at": "2021-04-16T00:00:00+00:00", "created_at": "2021-04-19T04:43:04+00:00", "url": "wordpress-easy-digital-downloads-plugin-2-10-2-cross-site-request-forgery-csrf-vulnerability", "product_slug": "easy-digital-downloads1", "product_name": "Easy Digital Downloads", "product_name_premium": null, "product_type": "Plugin", "vuln_type": "Cross Site Request Forgery (CSRF)", "cvss_score": 6.5, "cve": [], "is_exploited": false, "affected_in": "<= 2.10.2", "fixed_in": "2.10.3", "direct_url": "https://patchstack.com/database/vulnerability/easy-digital-downloads1/wordpress-easy-digital-downloads-plugin-2-10-2-cross-site-request-forgery-csrf-vulnerability" } ], "wordpress": true }}Missing or invalid PSKey header.
API key not authorised for the requested endpoint.
Invalid request payload (e.g. batch with more than 50 items).
Rate limit exceeded.