Search the CVE corpus, by any field.

Filter the full CVE corpus by any of 243 indexed fields and 11 query operators. Boolean must / must_not / should clauses, sorting by EPSS or CVSS, and pagination.

WHAT THIS API RETURNS

A query language over the full CVE corpus.

The Vulnerability Search API exposes the indexed CVE corpus that drives Deepinfo's vulnerability ranking. Pass a JSON filter body and the API returns matching CVEs with the full enrichment surface, paginated or as an export.

Filters compose with boolean clauses: must for required match, must_not for exclusion, should for any-of. The corpus indexes 243 fields covering published date, CVSS metric, EPSS exploit-prediction score, CISA KEV active-exploitation flag, CWE classification, affected products, and Deepinfo-specific risk scoring.

Use this when ranking depends on more than one signal: CVEs published in the last 30 days where EPSS exceeds a threshold and CISA KEV is set, or CVEs against a specific vendor sorted by recent exploitation activity. Sort by EPSS, CVSS, published date, or CISA add date.

REQUEST

POST a JSON filter body, get matching CVEs back.

Endpoint:

POST https://api.deepinfo.com/v1/discovery/vulnerability-search

Request body is a JSON object with two top-level keys: filters (with must, must_not, should filter clauses) and sort.

Query parameters (pagination and export):

Name           In     Type     Required  Description
page           query  integer  No        Page number for paginated responses. Defaults to 1.
page_size      query  integer  No        Page size for paginated responses. Defaults to a sensible per-endpoint limit; see docs.
ordering       query  string   No        Field to sort by; prefix with - for descending order.
export         query  boolean  No        When true, returns the full result set as a downloadable export instead of paginated JSON.
export_format  query  enum     No        Format of the export when export=true. Typically json or csv.
export_scope   query  enum     No        Subset of fields to include in the export. See the docs for per-endpoint scopes.

Authentication is by API token in the request header. See docs.deepinfo.com for the full request reference.
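An added example, not code from Deepinfo or its documentation: a Python sketch that builds the filter body for the "recent, KEV-listed, high-EPSS" case described above and walks the paginated response. The field names, operators and response keys are taken from the sample on this page; the function names and the Authorization header name are assumptions, since the page only says the token goes in a request header.

```python
import json
import urllib.parse
import urllib.request
from datetime import date, timedelta

ENDPOINT = "https://api.deepinfo.com/v1/discovery/vulnerability-search"
AUTH_HEADER = "Authorization"  # ASSUMPTION: take the real header name from docs.deepinfo.com

def clause(name, op, value):
    """One filter clause in the shape the sample request uses."""
    return {"name": name, "type": op, "value": value}

def kev_epss_body(min_epss, days, today):
    """Listed in CISA KEV, EPSS >= min_epss, published in the last `days` days."""
    if not 0.0 <= min_epss <= 1.0:
        raise ValueError("EPSS is a probability in [0, 1]")
    since = (today - timedelta(days=days)).isoformat()
    return {
        "filters": {"must": [
            clause("enrichment.cisa_kev.is_listed", "eq", True),
            clause("enrichment.epss_score.epss", "gte", min_epss),
            clause("published", "gte", since),
        ]},
        "sort": [{"field": "enrichment.epss_score.epss", "order": "desc"}],
    }

def build_request(body, page, page_size, token):
    """Build (but do not send) the POST request for one page of results."""
    query = urllib.parse.urlencode({"page": page, "page_size": page_size})
    return urllib.request.Request(
        f"{ENDPOINT}?{query}", data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", AUTH_HEADER: token})

def iter_results(fetch_page, body, page_size=50, max_pages=100):
    """Yield every result. fetch_page(body, page, page_size) returns the parsed
    JSON response. Stops at pagination.total, on an empty page, or at max_pages;
    a response without pagination.total ends the walk after its page."""
    seen = 0
    for page in range(1, max_pages + 1):
        resp = fetch_page(body, page, page_size)
        results = resp.get("results", [])
        yield from results
        seen += len(results)
        if not results or seen >= resp.get("pagination", {}).get("total", 0):
            return
```

For live use, fetch_page would send build_request(...) with urllib.request.urlopen and parse the response with json.load; the max_pages cap keeps a wrong total from turning into an unbounded loop.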

SAMPLE RESPONSE

See what the API returns.

Real response structure for the "Search the CVE corpus, by any field" endpoint. Field coverage may vary based on query parameters and data availability.

JSON RESPONSE
{
  "_request": {
    "filters": {
      "must": [
        {"name": "enrichment.cisa_kev.is_listed", "type": "eq", "value": true},
        {"name": "enrichment.epss_score.epss", "type": "gte", "value": 0.7},
        {"name": "published", "type": "gte", "value": "2026-02-01"}
      ]
    },
    "sort": [{"field": "enrichment.epss_score.epss", "order": "desc"}]
  },
  "results": [
    {
      "id": "CVE-2026-1842",
      "published": "2026-04-08T00:00:00Z",
      "cvss_base_score": 9.8,
      "epss": 0.94,
      "cisa_kev": {"is_listed": true, "date_added": "2026-04-12"},
      "summary": "Remote code execution in Example Vendor Product before 4.2."
    }
  ],
  "pagination": {"page": 1, "page_size": 50, "total": 41}
}

Sample response shown. Real responses depend on query parameters, data availability, and API version. Talk to us for full schema documentation.

“Filtering CVEs by EPSS, KEV, vendor, and CWE in boolean queries turned what used to be NVD-CSV grep into a real query. Patch prioritization now pulls from one source instead of analyst-built spreadsheets.”

— Vulnerability Engineering Lead, National Bank

GET STARTED

Run a sample filter, or have us walk you through the field set.

Most teams start with EPSS thresholds against their own product set. We'll set up token access and walk through the 243 indexed fields.
