Find vulnerabilities for a product
const url = 'https://patchstack.com/database/api/v2/product/plugin/tutor/1.5.2';const options = {method: 'GET', headers: {PSKey: '<PSKey>'}};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url https://patchstack.com/database/api/v2/product/plugin/tutor/1.5.2 \ --header 'PSKey: <PSKey>'Return every advisory that applies to a specific WordPress plugin, theme or core version.
Authorizations
Section titled “Authorizations ”Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ”Example
pluginProduct ecosystem.
Example
tutorWordPress plugin or theme slug. Use wordpress when type=wordpress.
Slugs are lowercase — normalize your own data before comparison.
Example
1.5.2Concrete version (e.g. 1.5.2).
Responses
Section titled “ Responses ”Matched advisories (possibly empty).
object
Flat per-item shape returned by the Standard tier. For the richer shape
(with description, cvss_score, cve, patched_in_ranges, etc.),
see the Extended tier.
object
Stable Patchstack vulnerability id.
Human-readable title including product name, affected version, and vulnerability type.
When the vulnerability was publicly disclosed (ISO 8601).
When the row was inserted into the Patchstack database (ISO 8601).
Lowercase slug of the product.
Display name of the product.
Premium variant name when a plugin author ships two plugins under
the same slug. null in the common case.
Product ecosystem.
First version that contains the patch. Empty string when Patchstack has not yet recorded a fixed version.
Public Patchstack vulnerability page.
Example
{ "vulnerabilities": [ { "id": 4253, "title": "WordPress Tutor LMS plugin <= 1.5.2 - Cross-Site Request Forgery (CSRF) vulnerability", "disclosed_at": "2020-02-04T00:00:00+00:00", "created_at": "2022-05-27T10:23:01+00:00", "product_slug": "tutor", "product_name": "Tutor LMS", "product_name_premium": null, "product_type": "Plugin", "fixed_in": "1.5.3", "direct_url": "https://patchstack.com/database/vulnerability/tutor/wordpress-tutor-lms-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability" } ]}Missing or invalid PSKey header.
API key not authorised for the requested endpoint.
Unknown product/version combination.
Rate limit exceeded (5,000 requests / 24 hours).