API Endpoints
Base URL: https://wtfisthiscve.com
Get CVE Explanation
GET /api/cve/{cve_id}
Returns a plain English explanation for a CVE.
Parameters
| Parameter | Type | Description |
|---|---|---|
| cve_id | string | CVE identifier (e.g., CVE-2021-44228) |
Headers
| Header | Required | Description |
|---|---|---|
| X-API-Key | Yes | Your API key |
Example Request
curl -H "X-API-Key: your-api-key" \
https://wtfisthiscve.com/api/cve/CVE-2021-44228
Example Response
{
"ok": true,
"data": {
"cve_id": "CVE-2021-44228",
"title": "Log4Shell - Apache Log4j Remote Code Execution",
"severity": "CRITICAL",
"cvss_score": 10.0,
"summary": "A critical remote code execution vulnerability in Apache Log4j 2.x that allows attackers to execute arbitrary code by sending specially crafted log messages.",
"affected": "Apache Log4j versions 2.0-beta9 through 2.14.1. If you use Java applications that use Log4j for logging (very common), you may be affected. Check your dependencies.",
"fix": "Upgrade to Log4j 2.17.0 or later. As a temporary mitigation, you can set the system property log4j2.formatMsgNoLookups=true or remove the JndiLookup class from the classpath.",
"references": [
{
"title": "Apache Log4j Security Vulnerabilities",
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"title": "NVD - CVE-2021-44228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
}
]
}
}
Response Fields
| Field | Type | Description |
|---|---|---|
| cve_id | string | The CVE identifier |
| title | string | Short descriptive title |
| severity | string | CRITICAL, HIGH, MEDIUM, LOW, or UNKNOWN |
| cvss_score | number | CVSS v3.1 base score (0-10), null if unknown |
| summary | string | Plain English explanation of the vulnerability |
| affected | string | Who is affected and how to check |
| fix | string | Remediation steps |
| references | array | Links to official sources |
Export CVEs to CSV
GET /api/cves/export.csv
Download CVE data as a CSV file. Results are filtered based on query parameters.
Headers
| Header | Required | Description |
|---|---|---|
| X-API-Key | Yes | Your API key |
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| severity | string | Filter by severity (CRITICAL, HIGH, MEDIUM, LOW) |
| risk_level | string | Filter by risk level (CRITICAL_GAP, HIGH, etc.) |
| patch_status | string | Filter by patch status (available, not_available) |
| tag | string | Filter by tag |
| min_score | number | Minimum CVSS score (0-10) |
| search | string | Search CVE ID or description |
Rate Limits
- 10 exports per hour per API key
- Maximum 1000 rows per export
Example Request
curl -H "X-API-Key: your-api-key" \
"https://wtfisthiscve.com/api/cves/export.csv?severity=CRITICAL" \
-o critical_cves.csv
Response
Returns a CSV file with the following columns:
| Column | Description |
|---|---|
| cve_id | CVE identifier |
| title | Short descriptive title |
| severity | CRITICAL, HIGH, MEDIUM, LOW, or UNKNOWN |
| cvss_score | CVSS v3.1 base score (0-10) |
| published_date | Date CVE was published |
| patch_status | available, partial, workaround_only, not_available |
| days_unpatched | Days since publication (if unpatched) |
| risk_level | CRITICAL_GAP, HIGH, MEDIUM, or LOW |
Error Responses
| Status | Description |
|---|---|
| 401 | Missing or invalid API key |
| 429 | Rate limit exceeded (10 exports per hour) |
Export CVEs to JSON
GET /api/cves/export.json
Download CVE data as a structured JSON file with full details including explanations, exploit intelligence, and patch information.
When to Use JSON Export
- Building integrations that need full CVE details programmatically
- Automated vulnerability analysis pipelines
- Data science and research projects requiring structured data
- Custom dashboards where you need explanation text, exploit intel, and patch status together
Headers
| Header | Required | Description |
|---|---|---|
| X-API-Key | Yes | Your API key |
Query Parameters
Same as CSV export: severity, risk_level, patch_status, tag, min_score, search
Rate Limits
- 10 exports per hour per API key (shared with CSV/SARIF)
- Maximum 1000 rows per export
Example Request
curl -H "X-API-Key: your-api-key" \
"https://wtfisthiscve.com/api/cves/export.json?severity=CRITICAL" \
-o critical_cves.json
Example Response
{
"ok": true,
"data": {
"cves": [
{
"cve_id": "CVE-2024-1234",
"title": "Remote Code Execution in Example Library",
"severity": "CRITICAL",
"cvss_score": 9.8,
"description": "Original NVD description...",
"published_date": "2024-01-15",
"cwe_ids": ["CWE-78"],
"explanation": {
"summary": "Plain English explanation of the vulnerability...",
"affected": "Who is affected and how to check...",
"fix": "Remediation steps...",
"references": [
{"title": "NVD", "url": "https://nvd.nist.gov/...", "ref_type": "advisory"}
]
},
"exploit_intel": {
"risk_level": "CRITICAL_GAP",
"detectable": false,
"weaponized": true,
"detection_sources": [],
"exploit_sources": ["exploit-db", "metasploit"]
},
"patch": {
"status": "available",
"patch_date": "2024-01-18",
"patch_urls": ["https://example.com/patch"],
"days_unpatched": 3
},
"tags": [
{"tag": "apache", "tag_type": "vendor"}
]
}
],
"meta": {
"total": 150,
"exported": 150,
"max_rows": 1000,
"exported_at": "2024-12-13T15:30:00Z"
}
}
}
Response Structure
| Field | Type | Description |
|---|---|---|
| cves[].cve_id | string | CVE identifier |
| cves[].title | string | Short descriptive title |
| cves[].severity | string | CRITICAL, HIGH, MEDIUM, LOW |
| cves[].cvss_score | number | CVSS v3.1 base score (0-10) |
| cves[].description | string | Original NVD description |
| cves[].published_date | string | Date CVE was published |
| cves[].cwe_ids | array | Associated CWE weakness IDs |
| cves[].explanation | object | Plain English explanation (if available) |
| cves[].exploit_intel | object | Exploit intelligence data (if available) |
| cves[].patch | object | Patch availability info (if available) |
| cves[].tags | array | Associated tags (vendor, product, technology) |
| meta.total | number | Total matching CVEs before cap |
| meta.exported | number | Number of CVEs in this export |
| meta.max_rows | number | Maximum rows per export (1000) |
| meta.exported_at | string | ISO 8601 timestamp of export |
Export CVEs to SARIF
GET /api/cves/export.sarif
Download CVE data in SARIF 2.1.0 format for security tool integration.
What is SARIF?
SARIF (Static Analysis Results Interchange Format) is an OASIS standard for expressing results from static analysis tools. It's the industry-standard format used by:
- GitHub Code Scanning - Upload SARIF files to see vulnerabilities in your repository
- Azure DevOps - Security dashboards and alerts
- SAST/DAST tools - Unified vulnerability reporting across multiple tools
When to Use SARIF Export
- GitHub Code Scanning integration - Upload CVE data alongside your static analysis results
- Azure DevOps security dashboards - Unified vulnerability view
- Security tool consolidation - Aggregate CVE data with other security findings
- Compliance reporting - Standard format accepted by many security platforms
Headers
| Header | Required | Description |
|---|---|---|
| X-API-Key | Yes | Your API key |
Query Parameters
Same as CSV export: severity, risk_level, patch_status, tag, min_score, search
Rate Limits
- 10 exports per hour per API key (shared with CSV/JSON)
- Maximum 1000 rows per export
Example Request
curl -H "X-API-Key: your-api-key" \
"https://wtfisthiscve.com/api/cves/export.sarif?severity=CRITICAL" \
-o critical_cves.sarif
SARIF Structure
The export follows the SARIF 2.1.0 specification:
{
"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
"version": "2.1.0",
"runs": [{
"tool": {
"driver": {
"name": "wtfisthiscve",
"version": "0.1.0",
"informationUri": "https://wtfisthiscve.com",
"rules": [
{
"id": "CVE-2024-1234",
"shortDescription": {"text": "Remote Code Execution"},
"fullDescription": {"text": "Plain English explanation..."},
"helpUri": "https://wtfisthiscve.com/cve/CVE-2024-1234",
"help": {"text": "Affected: ...\n\nFix: ..."},
"defaultConfiguration": {"level": "error"},
"properties": {
"security-severity": "9.8",
"tags": ["security", "CVE", "external/cwe/cwe-78"]
}
}
]
}
},
"taxonomies": [{
"name": "CWE",
"version": "4.13",
"informationUri": "https://cwe.mitre.org/",
"taxa": [{"id": "78", "shortDescription": {"text": "OS Command Injection"}}]
}],
"results": [{
"ruleId": "CVE-2024-1234",
"ruleIndex": 0,
"level": "error",
"message": {"text": "CVE-2024-1234: Remote Code Execution (CVSS 9.8)"},
"properties": {
"cvss-score": 9.8,
"risk-level": "CRITICAL_GAP",
"patch-status": "available",
"weaponized": true
}
}]
}]
}
SARIF Severity Mapping
CVSS scores are mapped to SARIF levels for GitHub Code Scanning:
| CVSS Score | SARIF Level | GitHub Severity |
|---|---|---|
| >= 7.0 | error | High |
| >= 4.0 | warning | Medium |
| < 4.0 | note | Low |
GitHub Code Scanning Integration
Upload the SARIF file to GitHub using the Code Scanning API:
# Export SARIF
curl -H "X-API-Key: your-api-key" \
"https://wtfisthiscve.com/api/cves/export.sarif?severity=CRITICAL" \
-o cves.sarif
# Upload to GitHub (requires gzip compression)
gzip cves.sarif
cat cves.sarif.gz | base64 > cves.sarif.b64
curl -X POST \
-H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github+json" \
"https://api.github.com/repos/OWNER/REPO/code-scanning/sarifs" \
-d "{
\"commit_sha\": \"$(git rev-parse HEAD)\",
\"ref\": \"refs/heads/main\",
\"sarif\": \"$(cat cves.sarif.b64)\"
}"
Health Check
GET /health
Returns service health status. Does not require authentication.
Example Response
{
"ok": true,
"data": {
"status": "healthy",
"product": "wtfisthiscve"
}
}