Free Vulnerability API

Query CVEs, check package vulnerabilities, and get EPSS exploit probability scores — all through a free REST API. No credit card, no sales call, no enterprise contract.

Get Started in 30 Seconds

# 1. Register (free)
curl -X POST https://patchapi.shanecode.org/v1/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email":"[email protected]","password":"yourpassword"}'

# 2. Use your API key
curl https://patchapi.shanecode.org/v1/cve/CVE-2021-44228 \
  -H "X-API-Key: pp_live_your_key"

Or sign up on our docs page — no curl required.

What the Free Tier Includes

500 Lookups/Month

Enough for personal projects and small teams getting started.

CVE Lookup

Full CVE details with CVSS, description, CWEs, and references.

EPSS Scores

Exploit probability and percentile on every CVE response.

CISA KEV Status

Know instantly if a CVE is actively exploited.

Package Lookup

Query by ecosystem + package name across npm, PyPI, Go, Maven, Cargo.

CLI Tool

patchpulse CLI with --ci mode for pipeline integration.

Why Not Use the NVD API Directly?

The NVD API is free — but it has significant limitations that make it painful for production use:

Pain Point	NVD API	PatchPulse
Rate limit	5 req / 30 sec (without key)	30 req / min
EPSS scores	Not included	Every response
CISA KEV	Separate API	Every response
Package lookup	Not supported	/v1/pkg/{eco}/{name}
Manifest scan	Not supported	POST /v1/scan
Response format	Raw, complex JSON	Clean, developer-friendly

API Endpoints

GET /v1/cve/{cve-id}

Full CVE detail with EPSS, KEV, affected packages

GET /v1/pkg/{ecosystem}/{package}

All CVEs affecting a package

GET /v1/pkg/{ecosystem}/{package}/{version}

CVEs affecting a specific version

GET /health

API health and data source freshness

Start Using the API

500 free lookups per month. Upgrade anytime from $19/mo.

Get Free API Key View Pricing