Vulnerability Intelligence
for Developers
One API. NVD + OSV + GHSA + EPSS + CISA KEV — enriched, cross-referenced, and ready. Know what to patch today, not just what's vulnerable.
500 free lookups/month. No credit card required.
$ curl https://patchapi.shanecode.org/v1/cve/CVE-2021-44228
{
"cve_id": "CVE-2021-44228",
"cvss": { "v3_score": 10.0, "severity": "CRITICAL" },
"epss": { "score": 0.97556, "percentile": 99.9 },
"cisa_kev": { "in_catalog": true, "date_added": "2021-12-10" },
"affected_packages": [
{ "ecosystem": "maven", "package": "log4j-core", "fixed": "2.17.1" }
]
}Five Sources. One Call.
NIST vulnerability database
250K+ CVEs
Exploit probability scores
400K+ scored
Known exploited vulns
Actively exploited
Open source advisories
80K+ advisories
GitHub security advisories
30K+ advisories
Built for Developer Workflows
Every CVE enriched with exploit probability scoring. Know the real-world risk, not just the CVSS number.
GET /v1/cve/CVE-2021-44228Query by package name and version. Get all CVEs affecting your exact dependency version.
GET /v1/pkg/npm/lodash/4.17.20Upload your package-lock.json, go.mod, or requirements.txt. Get a prioritized vulnerability report.
POST /v1/scanEvery response flags whether a CVE is in the CISA Known Exploited Vulnerabilities catalog.
Drop patchpulse check --ci into your pipeline. Fail builds on critical vulns. Exit codes for automation.
patchpulse check --ci --min-severity highTrack how exploit probability changes over time. Spot risk trends before they become incidents.
GET /v1/epss/CVE-2024-1234/historySimple, Developer-Friendly Pricing
Start free. Upgrade when you need more.
Stop Triaging Blindly
Know which vulnerabilities are actually being exploited. Prioritize by real-world risk, not just CVSS scores.