Find a vulnerability by id
const url = 'https://patchstack.com/database/api/v2/vulnerability/4760';const options = {method: 'GET', headers: {PSKey: '<PSKey>'}};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url https://patchstack.com/database/api/v2/vulnerability/4760 \ --header 'PSKey: <PSKey>'Look up a single advisory by its numeric id or PSID. Returns a richer shape than the list endpoints — includes CVSS vector, OWASP category, external references, credits, and submitter info.
Authorizations
Section titled “Authorizations ”Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ”Example
4760Numeric Patchstack id or PSID.
Responses
Section titled “ Responses ”Detailed advisory payload.
Response shape for GET /vulnerability/{id}.
object
object
Disclosure date in YYYY-MM-DD HH:MM:SS form (legacy).
URL slug for the advisory.
object
Vulnerability category (e.g. SQL Injection).
object
OWASP category (e.g. A1: Injection).
External reference URLs with display titles.
object
object
Comma-separated list of specific affected versions, when applicable.
Discoverer of the vulnerability.
object
Submitter, when distinct from credit.
object
Example
{ "vulnerability": { "title": "WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 5.153.3 - Unauthenticated Time-Based Blind SQL Injection (SQLi) vulnerability", "description": "Unauthenticated Time-Based Blind SQL Injection (SQLi) vulnerability discovered by WordFence in WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin (versions <= 5.153.3).", "disclosure_date": "2021-05-03 00:00:00", "disclosed_at": "2021-05-03T00:00:00+00:00", "created_at": "2021-09-28T14:17:02+00:00", "is_exploited": true, "url": "wordpress-spam-protection-antispam-firewall-by-cleantalk-plugin-5-153-3-unauthenticated-time-based-blind-sql-injection-sqli-vulnerability", "direct_url": "https://patchstack.com/database/vulnerability/cleantalk-spam-protect/wordpress-spam-protection-antispam-firewall-by-cleantalk-plugin-5-153-3-unauthenticated-time-based-blind-sql-injection-sqli-vulnerability" }, "product": { "name": "Spam protection, AntiSpam, FireWall by CleanTalk", "slug": "cleantalk-spam-protect", "type": "Plugin" }, "type": "SQL Injection", "cvss": { "score": 7.5, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "description": "" }, "owasp": "A1: Injection", "references_url": [ { "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24295", "title": "CVE" } ], "cve": [ "2021-24295" ], "versions": { "affected_in": "<= 5.153.3", "fixed_in": "5.153.4" }, "versions_list": null, "credit": { "name": "WordFence", "url": "https://twitter.com/wordfence" }, "submitter": { "name": "h00die", "url": "https://packetstormsecurity.com/files/author/7166/" }}Missing or invalid PSKey header.
API key not authorised for the requested endpoint.
Unknown product/version/vulnerability id.
Rate limit exceeded.