CVEs
The CVE resource is the core of the BreachSpider platform: 350,000+ CVEs enriched with SAGE AI analysis, EPSS scoring, KEV tracking, BCS prioritization, ICS/OT relevance classification, and CVSS decomposition.
Endpoints
| Method | Path | Description | Auth |
|---|---|---|---|
| GET | /api/v1/cves | List CVEs with filtering and pagination | Required |
| GET | /api/v1/cves/{cve_id} | Get single CVE full detail | Required |
| GET | /api/v1/cves/kev | List KEV entries | Required |
| GET | /api/v1/cves/vendor/{slug} | CVEs by vendor slug | Required |
| GET | /api/v1/cves/protocol/{name} | CVEs by ICS protocol | Required |
| GET | /api/v1/cves/stats/summary | CVE corpus statistics | Required |
| GET | /api/v1/cves/stats/dashboard | Dashboard-optimized stats | Required |
GET /api/v1/cves
List CVEs with filtering, sorting, and pagination.
Query Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
| page | integer | 1 | Page number |
| limit | integer | 20 | Results per page (max 100) |
| q | string | - | Full-text search (CVE ID, vendor, keyword) |
| severity | string | - | CRITICAL, HIGH, MEDIUM, LOW |
| kev | boolean | - | Filter to KEV entries only |
| vendor | string | - | Vendor name filter |
| protocol | string | - | ICS protocol filter |
| unpatched | boolean | - | Only unpatched CVEs |
| date_from | date | - | ISO 8601 date (2025-01-01) |
| date_to | date | - | ISO 8601 date |
| ranked | boolean | false | Rank by watchlist relevance (auth required) |
Example Request
curl -H "Authorization: Bearer bs_live_..." \
"https://breachspider.com/api/v1/cves?severity=CRITICAL&kev=true&limit=10"
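The parameter table above can be enforced on the client before a request is sent, so a malformed filter fails locally instead of silently widening or emptying a query. The following is an added example, not code from the BreachSpider documentation; the function name and the lower bound of 1 for page and limit are assumptions.

```python
from datetime import date
from urllib.parse import urlencode

BASE_URL = "https://breachspider.com/api/v1/cves"
SEVERITIES = {"CRITICAL", "HIGH", "MEDIUM", "LOW"}
BOOL_PARAMS = {"kev", "unpatched", "ranked"}
DATE_PARAMS = {"date_from", "date_to"}
TEXT_PARAMS = {"q", "vendor", "protocol"}


def build_cves_url(**params):
    """Build the list URL, rejecting values the parameter table does not allow."""
    query = {}
    for name, value in params.items():
        if name in ("page", "limit"):
            # bool is a subclass of int in Python, so compare the exact type.
            if type(value) is not int or value < 1:
                raise ValueError(f"{name} must be a positive integer")
            if name == "limit" and value > 100:
                raise ValueError("limit is capped at 100 per page")
            query[name] = value
        elif name == "severity":
            if value not in SEVERITIES:
                raise ValueError(f"severity must be one of {sorted(SEVERITIES)}")
            query[name] = value
        elif name in BOOL_PARAMS:
            if type(value) is not bool:
                raise ValueError(f"{name} must be True or False")
            query[name] = "true" if value else "false"  # as in the page's kev=true
        elif name in DATE_PARAMS:
            # fromisoformat raises ValueError on anything that is not a calendar date.
            query[name] = date.fromisoformat(str(value)).isoformat()
        elif name in TEXT_PARAMS:
            query[name] = str(value)  # percent-encoded by urlencode below
        else:
            raise ValueError(f"unknown query parameter: {name}")
    return f"{BASE_URL}?{urlencode(query)}" if query else BASE_URL


if __name__ == "__main__":
    print(build_cves_url(severity="CRITICAL", kev=True, limit=10))
```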
List Item Shape
Each item in the collection is a lightweight summary card:
{
  "cve_id": "CVE-2025-32433",
  "bsid": "BS-2025-254014-C",
  "title": "Erlang/OTP SSH Server Unauthenticated Remote Code Execution",
  "severity": "CRITICAL",
  "cvss_score": 10.0,
  "bcs_score": 10.0,
  "epss_score": 0.59973,
  "epss_percentile": 0.98298,
  "epss_top_10_pct": true,
  "kev_flagged": true,
  "exploit_maturity": "POC",
  "poc_available": true,
  "has_public_exploit": false,
  "patch_status": "patched",
  "ics_relevant": true,
  "primary_vendor": "Erlang",
  "primary_product": "Erlang/OTP",
  "vendor_count": 7,
  "published_at": "2025-04-16T22:15:14Z",
  "_links": {
    "self": "/api/v1/cves/CVE-2025-32433",
    "html": "https://breachspider.com/ics-cve/CVE-2025-32433"
  }
}
GET /api/v1/cves/{cve_id}
Full CVE detail with all scoring blocks, SAGE analysis, CVSS decomposition, exploitation signals, affected vendor/product list, and remediation data.
Path Parameters
| Parameter | Description |
|---|---|
| cve_id | CVE identifier (e.g. CVE-2025-32433) |
Example Request
curl -H "Authorization: Bearer bs_live_..." \
"https://breachspider.com/api/v1/cves/CVE-2025-32433"
Full Response Shape
{
  "api": {
    "version": "1.0.0",
    "request_id": "bs-req-75d2ecafebce",
    "timestamp": "2026-06-07T13:34:43.930705Z",
    "processing_ms": 21
  },
  "data": {
    "cve_id": "CVE-2025-32433",
    "bsid": "BS-2025-254014-C",
    "title": "Erlang/OTP SSH Server Unauthenticated Remote Code Execution",
    "description": "Full vulnerability description...",
    "scoring": {
      "cvss": {
        "score": 10.0,
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1",
        "severity": "CRITICAL",
        "attack_vector": "NETWORK",
        "attack_complexity": "LOW",
        "privileges_required": "NONE",
        "user_interaction": "NONE",
        "scope": "CHANGED",
        "confidentiality_impact": "HIGH",
        "integrity_impact": "HIGH",
        "availability_impact": "HIGH"
      },
      "epss": {
        "score": 0.59973,
        "percentile": 0.98298,
        "interpretation": "Top 5% most likely to be exploited"
      },
      "bcs": {
        "score": 10.0,
        "tier": "CRITICAL",
        "factors": {
          "kev_flagged": true,
          "poc_available": true,
          "has_public_exploit": false,
          "patch_available": true,
          "ics_relevance": 0.94
        }
      }
    },
    "exploitation": {
      "kev_flagged": true,
      "kev_added_at": "2025-04-20T00:00:00Z",
      "has_public_exploit": false,
      "poc_available": true,
      "exploit_maturity": "POC",
      "actively_exploited": true
    },
    "affected": {
      "vendors": ["Cisco", "Erlang", "Siemens"],
      "products": ["Erlang/OTP", "NCS 1001"],
      "primary_vendor": "Erlang",
      "primary_product": "Erlang/OTP",
      "vendor_count": 7,
      "device_types": ["networking"],
      "protocols": ["SSH"],
      "ics_relevance_score": 0.94,
      "ics_relevant": true
    },
    "patch": {
      "status": "patched",
      "patch_available": true,
      "patch_version": "OTP-27.3.3",
      "patch_url": "https://github.com/erlang/otp/releases",
      "patch_notes": "Upgrade to OTP-27.3.3, OTP-26.2.5.11, or OTP-25.3.2.20"
    },
    "classification": {
      "cwes": [
        {"id": 306, "url": "https://cwe.mitre.org/data/definitions/306.html"}
      ],
      "attack_vector": "NETWORK",
      "attack_complexity": "LOW",
      "privileges_required": "NONE",
      "user_interaction": "NONE",
      "scope": "CHANGED",
      "layer": "OS",
      "category": "authentication-bypass"
    },
    "sage": {
      "model": "SAGE-v1",
      "tier": "full",
      "executive_summary": "Critical pre-auth RCE in Erlang/OTP SSH server...",
      "ics_context": "Erlang/OTP is used in industrial messaging and SCADA middleware...",
      "remediation_guidance": "Patch immediately. If patching is not possible within 24h...",
      "confidence_score": 0.94,
      "confidence_tier": "SOVEREIGN_AUDIT_PASS",
      "_upgrade_required": false,
      "_upgrade_url": null
    },
    "temporal": {
      "published_at": "2025-04-16T22:15:14Z",
      "modified_at": "2025-05-01T10:00:00Z",
      "enriched_at": "2025-04-17T00:03:11Z",
      "kev_added_at": "2025-04-20T00:00:00Z"
    },
    "references": {
      "nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32433",
      "cisa_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
      "breachspider_url": "https://breachspider.com/ics-cve/CVE-2025-32433",
      "vendor_advisories": []
    },
    "_links": {
      "self": "/api/v1/cves/CVE-2025-32433",
      "pdf": "/api/v1/ics-cve/CVE-2025-32433/pdf",
      "html": "https://breachspider.com/ics-cve/CVE-2025-32433"
    }
  },
  "meta": {
    "enrichment_version": "2.1",
    "sage_model": "SAGE-v1",
    "source": "breachspider-enriched"
  }
}
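Because scoring.cvss carries both the raw vector and its decomposed fields, a consumer that filters on the decomposed fields can confirm they agree with the vector before trusting them. The following is an added example, not part of the BreachSpider documentation; the function names are hypothetical, and value names that do not appear in the response above (such as ADJACENT_NETWORK, REQUIRED and UNCHANGED) are assumed to follow NVD's spelling of the CVSS v3.x base metrics.

```python
# Added example. Field names come from scoring.cvss above; value names the page
# does not show are assumed to follow NVD's spelling of the CVSS v3.x metrics.
_HLN = {"H": "HIGH", "L": "LOW", "N": "NONE"}
METRICS = {
    "AV": ("attack_vector", {"N": "NETWORK", "A": "ADJACENT_NETWORK",
                             "L": "LOCAL", "P": "PHYSICAL"}),
    "AC": ("attack_complexity", {"L": "LOW", "H": "HIGH"}),
    "PR": ("privileges_required", _HLN),
    "UI": ("user_interaction", {"N": "NONE", "R": "REQUIRED"}),
    "S": ("scope", {"U": "UNCHANGED", "C": "CHANGED"}),
    "C": ("confidentiality_impact", _HLN),
    "I": ("integrity_impact", _HLN),
    "A": ("availability_impact", _HLN),
}


def decompose_vector(vector):
    """Parse a CVSS 3.x vector into the field names used by scoring.cvss."""
    prefix, *parts = vector.split("/")
    if prefix not in ("CVSS:3.0", "CVSS:3.1"):
        raise ValueError(f"unsupported vector prefix: {prefix!r}")
    fields = {"version": prefix.split(":")[1]}
    for part in parts:
        abbrev, _, code = part.partition(":")
        if abbrev not in METRICS:
            continue  # not a base metric (temporal/environmental)
        name, values = METRICS[abbrev]
        if code not in values or name in fields:
            raise ValueError(f"invalid or repeated metric: {part!r}")
        fields[name] = values[code]
    missing = [name for name, _ in METRICS.values() if name not in fields]
    if missing:
        raise ValueError(f"vector lacks base metrics: {missing}")
    return fields


def cvss_mismatches(cvss_block):
    """Return {field: (from_vector, in_response)} for every field that disagrees."""
    derived = decompose_vector(cvss_block["vector"])
    return {k: (v, cvss_block.get(k)) for k, v in derived.items() if cvss_block.get(k) != v}


# The scoring.cvss block from the response above, copied inline so this runs offline.
SAMPLE = {
    "score": 10.0, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
    "version": "3.1", "severity": "CRITICAL", "attack_vector": "NETWORK",
    "attack_complexity": "LOW", "privileges_required": "NONE", "user_interaction": "NONE",
    "scope": "CHANGED", "confidentiality_impact": "HIGH", "integrity_impact": "HIGH",
    "availability_impact": "HIGH"}
```

An empty result from `cvss_mismatches(SAMPLE)` means the decomposition matches the vector; any entry names the field to distrust.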
GET /api/v1/cves/kev
Known Exploited Vulnerabilities catalog filtered to BreachSpider's enriched corpus. 1,600+ entries with full scoring and SAGE analysis.
curl -H "Authorization: Bearer bs_live_..." \
"https://breachspider.com/api/v1/cves/kev?limit=20"
The response uses the same collection envelope as /cves, with KEV-specific meta:
"meta": {
  "kev_program_launched": "2021-11-03",
  "source": "Known Exploited Vulnerabilities Catalog",
  "catalog_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
  "corpus_size": 1613
}
GET /api/v1/cves/vendor/{slug}
CVEs affecting a specific vendor. The slug is the lowercase vendor name with hyphens.
# Siemens CVEs
curl -H "Authorization: Bearer bs_live_..." \
"https://breachspider.com/api/v1/cves/vendor/siemens"
# Schneider Electric CVEs
curl -H "Authorization: Bearer bs_live_..." \
"https://breachspider.com/api/v1/cves/vendor/schneider-electric"
Common vendor slugs: siemens, schneider-electric, cisco, abb, advantech, moxa, microsoft, vmware, rockwell-automation
GET /api/v1/cves/protocol/{name}
CVEs affecting a specific ICS protocol.
curl -H "Authorization: Bearer bs_live_..." \
"https://breachspider.com/api/v1/cves/protocol/modbus"
Supported protocols: modbus, dnp3, opc-ua, iec-61850, profinet, ethernet-ip, bacnet, ssh, http, ftp