Skip to content

Find a vulnerability by id

GET
/vulnerability/{id}
curl --request GET \
--url https://patchstack.com/database/api/v2/vulnerability/4760 \
--header 'PSKey: <PSKey>'

Look up a single advisory by its numeric id or PSID. Returns a richer shape than the list endpoints — includes CVSS vector, OWASP category, external references, credits, and submitter info.

id
required
string
Example
4760

Numeric Patchstack id or PSID.

Detailed advisory payload.

Media type application/json

Response shape for GET /vulnerability/{id}.

object
vulnerability
required
object
title
required
string
description
required
string
disclosure_date

Disclosure date in YYYY-MM-DD HH:MM:SS form (legacy).

string
disclosed_at
required
string format: date-time
created_at
required
string format: date-time
is_exploited
required
boolean
url
required

URL slug for the advisory.

string
direct_url
required
string format: uri
product
required
object
name
required
string
slug
required
string
type
required
string
Allowed values: Plugin Theme WordPress
type
required

Vulnerability category (e.g. SQL Injection).

string
cvss
object
score
number format: float
nullable
vector
string
nullable
description
string
nullable
owasp

OWASP category (e.g. A1: Injection).

string
references_url

External reference URLs with display titles.

Array<object>
object
url
required
string format: uri
title
required
string
cve
required
Array<string>
versions
required
object
affected_in
required
string
fixed_in
required
string
versions_list

Comma-separated list of specific affected versions, when applicable.

string
nullable
credit

Discoverer of the vulnerability.

object
name
string
url
string format: uri
submitter

Submitter, when distinct from credit.

object
name
string
url
string format: uri
Example
{
"vulnerability": {
"title": "WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 5.153.3 - Unauthenticated Time-Based Blind SQL Injection (SQLi) vulnerability",
"description": "Unauthenticated Time-Based Blind SQL Injection (SQLi) vulnerability discovered by WordFence in WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin (versions <= 5.153.3).",
"disclosure_date": "2021-05-03 00:00:00",
"disclosed_at": "2021-05-03T00:00:00+00:00",
"created_at": "2021-09-28T14:17:02+00:00",
"is_exploited": true,
"url": "wordpress-spam-protection-antispam-firewall-by-cleantalk-plugin-5-153-3-unauthenticated-time-based-blind-sql-injection-sqli-vulnerability",
"direct_url": "https://patchstack.com/database/vulnerability/cleantalk-spam-protect/wordpress-spam-protection-antispam-firewall-by-cleantalk-plugin-5-153-3-unauthenticated-time-based-blind-sql-injection-sqli-vulnerability"
},
"product": {
"name": "Spam protection, AntiSpam, FireWall by CleanTalk",
"slug": "cleantalk-spam-protect",
"type": "Plugin"
},
"type": "SQL Injection",
"cvss": {
"score": 7.5,
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"description": ""
},
"owasp": "A1: Injection",
"references_url": [
{
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24295",
"title": "CVE"
}
],
"cve": [
"2021-24295"
],
"versions": {
"affected_in": "<= 5.153.3",
"fixed_in": "5.153.4"
},
"versions_list": null,
"credit": {
"name": "WordFence",
"url": "https://twitter.com/wordfence"
},
"submitter": {
"name": "h00die",
"url": "https://packetstormsecurity.com/files/author/7166/"
}
}

Missing or invalid PSKey header.

API key not authorised for the requested endpoint.

Unknown product/version/vulnerability id.

Rate limit exceeded.