Vulnerability Intelligence APIs
The Vulnerability Intelligence APIs provide access to comprehensive vulnerability databases, including CVE information from the National Vulnerability Database (NVD) and exploit intelligence. These APIs help security professionals, researchers, and developers identify vulnerabilities and understand their associated exploits.
Rate limiting: Requests are limited to 60 requests per minute.
Authentication: API key required.
Credits: Uses the regular credit system for authenticated users.
Vulnerability Search
Search for vulnerabilities by CVE identifier, description, or vendor/product information from the NVD Database.
HTTP Request
GET https://fullhunt.io/api/v1/vulnerability-intelligence/vulnerability-search
URL Parameters
Parameter | Description |
---|---|
query | The search query (CVE identifier, description, or vendor/product). Must be 3-50 characters long. |
Example Request
curl "https://fullhunt.io/api/v1/vulnerability-intelligence/vulnerability-search?query=CVE-2014-0160" \
  -H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx"
Example Response
{
  "response": [
    {
      "cve_id": "CVE-2014-0160",
      "title": "CVE-2014-0160",
      "description": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.",
      "published_date": "2014-04-07T22:55:03.893",
      "last_modified_date": "2025-09-09T13:33:47.875Z",
      "vuln_status": "Deferred",
      "cvss_v3_score": 7.5,
      "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "cvss_v2_score": 5,
      "cvss_v2_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
      "cwes": ["CWE-125"],
      "cpe_ids": ["cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"],
      "epss_percentile": 0.99985,
      "epss_score": 0.94436,
      "is_exploit_available": true,
      "is_kev": true,
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0160",
          "source": "nvd@nist.gov",
          "tags": ["Third Party Advisory"]
        }
      ]
    }
  ]
}
Exploits Search
Search for exploits, proof-of-concepts, and exploit code from the FullHunt database.
HTTP Request
GET https://fullhunt.io/api/v1/vulnerability-intelligence/exploits-search
URL Parameters
Parameter | Description |
---|---|
query | The search query (CVE identifier, exploit title, description, type, or platform). Must be 3-100 characters long. |
Example Request
curl "https://fullhunt.io/api/v1/vulnerability-intelligence/exploits-search?query=Flussonic" \
  -H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx"
Example Response
{
  "response": [
    {
      "edb_id": "33943",
      "cve_id": null,
      "title": "Flussonic Media Server 4.1.25 < 4.3.3 - Arbitrary File Disclosure",
      "file_path": "exploits/aix/dos/33943.txt",
      "author": "BGA Security",
      "type": "dos",
      "platform": "aix",
      "port": "8080",
      "date_published": "2014-07-01",
      "date_added": "2014-07-01",
      "date_updated": "2014-07-01",
      "verified": false,
      "codes": ["OSVDB-108610", "OSVDB-108609"],
      "tags": [],
      "aliases": "",
      "screenshot_url": "",
      "application_url": "",
      "source_url": "",
      "epss_percentile": 0,
      "epss_score": 0,
      "is_kev": false
    }
  ]
}
Response Fields
Vulnerability Search Response Fields
Field | Type | Description |
---|---|---|
response | Array | Array of vulnerability objects |
cve_id | String | Common Vulnerabilities and Exposures identifier |
title | String | Vulnerability title (usually same as CVE ID) |
description | String | Detailed vulnerability description |
published_date | String | Date when vulnerability was published |
last_modified_date | String | Date when vulnerability information was last updated |
vuln_status | String | Vulnerability status (Active, Deferred, etc.) |
cvss_v3_score | Number | CVSS v3.1 base score (0.0-10.0) |
cvss_v3_vector | String | CVSS v3.1 vector string |
cvss_v2_score | Number | CVSS v2.0 base score (0.0-10.0) |
cvss_v2_vector | String | CVSS v2.0 vector string |
cwes | Array | List of Common Weakness Enumeration identifiers |
cpe_ids | Array | List of Common Platform Enumeration identifiers |
epss_score | Number | Exploit Prediction Scoring System score (0.0-1.0) |
epss_percentile | Number | EPSS percentile ranking (0.0-1.0) |
is_exploit_available | Boolean | Whether exploits are available for this vulnerability |
is_kev | Boolean | Whether this is a CISA Known Exploited Vulnerability |
cisa_exploit_add | String | Date added to CISA KEV catalog |
cisa_action_due | String | Required action due date from CISA |
references | Array | List of reference objects with URLs and metadata |
Exploits Search Response Fields
Field | Type | Description |
---|---|---|
response | Array | Array of exploit objects |
edb_id | String | Exploit Database identifier |
cve_id | String | Related CVE identifier (may be null) |
title | String | Exploit title |
file_path | String | Path to exploit file in the database |
author | String | Exploit author or researcher |
type | String | Type of exploit (dos, remote, local, etc.) |
platform | String | Target platform (Windows, Linux, AIX, etc.) |
port | String | Target port number (if applicable) |
date_published | String | Date when exploit was published |
date_added | String | Date when exploit was added to database |
date_updated | String | Date when exploit was last updated |
verified | Boolean | Whether the exploit has been verified |
codes | Array | Reference codes (OSVDB, etc.) |
tags | Array | Relevant tags for categorization |
aliases | String | Alternative names or aliases |
epss_score | Number | Exploit Prediction Scoring System score |
epss_percentile | Number | EPSS percentile ranking |
is_kev | Boolean | Whether related to a CISA KEV |
Search Behavior
Vulnerability Search
The vulnerability search performs intelligent matching across:
- CVE ID matching: Direct CVE identifier search
- Title matching: Search in vulnerability titles
- Description matching: Full-text search in vulnerability descriptions
- CPE matching: Search in Common Platform Enumeration identifiers
- Keyword matching: General keyword search across all fields
Exploits Search
The exploits search covers multiple data sources and performs matching across:
- Multi-source data: Searches both Exploit-DB and CISA KEV datasets
- CVE relationship: Find exploits for specific CVEs
- Title matching: Text search in exploit titles
- Author matching: Search by exploit author/researcher
- Type matching: Search by exploit type (dos, remote, local, etc.)
- Platform targeting: Search by target operating system or platform
- Source filtering: Filter by data source (exploitdb, kev)
Data Sources in Exploit Search:
- ExploitDB: Community-contributed exploit code and proof-of-concepts
- Metasploit: Professional penetration testing modules from the Metasploit Framework
- CISA KEV: Government-verified Known Exploited Vulnerabilities with federal compliance requirements
Error Responses
Status Code | Error | Description |
---|---|---|
400 | Missing required parameter: query | The query parameter is required |
400 | Query must be at least 3 characters long | Search query is too short |
400 | Query must be less than X characters long | Search query exceeds maximum length |
401 | Unauthorized access | Invalid or missing API key |
Use Cases
Security Research
- Research specific vulnerabilities and their characteristics
- Find exploits for known CVEs
- Analyze vulnerability trends and patterns
- Investigate security incidents
Vulnerability Management
- Enrich vulnerability scan results with detailed information
- Prioritize patching based on exploit availability
- Track vulnerability disclosure timelines
- Assess organizational exposure
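An added example (not FullHunt's code) of the "prioritize patching based on exploit availability" use case: it ranks a vulnerability-search response using `is_kev`, `is_exploit_available`, `epss_score` and the CVSS scores. The tier order and both cutoffs are assumptions, and the `CVE-0000-*` records are constructed placeholders, not real identifiers.

```python
import json

# Constructed sample; only CVE-2014-0160 reuses this page's example values.
SAMPLE = json.loads("""
{"response": [
 {"cve_id": "CVE-0000-0002", "cvss_v3_score": 9.8, "cvss_v2_score": null,
  "epss_score": 0.004, "is_exploit_available": false, "is_kev": false},
 {"cve_id": "CVE-2014-0160", "cvss_v3_score": 7.5, "cvss_v2_score": 5,
  "epss_score": 0.94436, "is_exploit_available": true, "is_kev": true},
 {"cve_id": "CVE-0000-0001", "cvss_v3_score": null, "cvss_v2_score": 6.8,
  "epss_score": 0.31, "is_exploit_available": true, "is_kev": false},
 {"cve_id": "CVE-0000-0003", "cvss_v3_score": 5.3, "cvss_v2_score": null,
  "epss_score": 0.42, "is_exploit_available": false, "is_kev": false}
]}
""")

EPSS_CUTOFF = 0.10   # assumed threshold, tune to your environment
CVSS_CUTOFF = 7.0    # assumed threshold ("high" and above)

def score(v):
    """CVSS v3 when present, else v2, else 0.0 (a record may lack either)."""
    for key in ("cvss_v3_score", "cvss_v2_score"):
        if v.get(key) is not None:
            return float(v[key])
    return 0.0

def tier(v):
    """Lower tier = patch sooner. Evidence of exploitation outranks severity."""
    if v.get("is_kev"):
        return 0, "listed in CISA KEV"
    if v.get("is_exploit_available"):
        return 1, "exploit available"
    if (v.get("epss_score") or 0.0) >= EPSS_CUTOFF:
        return 2, "EPSS above cutoff"
    if score(v) >= CVSS_CUTOFF:
        return 3, "high CVSS only"
    return 4, "routine"

def triage(payload):
    """Return [(cve_id, tier, reason)] ordered by tier, then EPSS, then CVSS."""
    ranked = sorted(
        payload.get("response", []),
        key=lambda v: (tier(v)[0], -(v.get("epss_score") or 0.0), -score(v)),
    )
    return [(v.get("cve_id"), *tier(v)) for v in ranked]

if __name__ == "__main__":
    for cve, t, why in triage(SAMPLE):
        print(f"P{t}  {cve:<15} {why}")
```

The record with the highest CVSS score (9.8) lands last among the four because nothing in the response indicates exploitation.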
Threat Intelligence
- Monitor for new exploits targeting your infrastructure
- Correlate vulnerabilities with active exploitation
- Build threat models based on available exploits
- Support incident response with vulnerability context
Security Tool Development
- Integrate vulnerability data into security platforms
- Build automated vulnerability assessment tools
- Create exploit detection mechanisms
- Enhance security monitoring capabilities
Penetration Testing
- Identify potential attack vectors
- Find proof-of-concept exploits for testing
- Validate security controls against known exploits
- Document findings with vulnerability references
Rate Limiting and Credits
- Rate Limit: 60 requests per minute per API key
- Credit System: Each API call consumes credits from your account balance
- Result Limits:
  - Vulnerability Search: Up to 10 results per query
  - Exploits Search: Up to 10 results per query
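An added client-side sketch (not FullHunt's code) that enforces the limits from the Error Responses and Rate Limiting sections before a request leaves the machine, so malformed queries and bursts do not burn credits on 400 responses. It assumes the length bounds are inclusive, uses a sliding window as one way to stay under 60 requests per minute, and reads the key from a hypothetical `FULLHUNT_API_KEY` environment variable.

```python
import time
import urllib.parse
import urllib.request

BASE = "https://fullhunt.io/api/v1/vulnerability-intelligence"
# Inclusive query-length bounds per endpoint (assumed reading of "3-50"/"3-100").
LIMITS = {"vulnerability-search": (3, 50), "exploits-search": (3, 100)}

class Throttle:
    """Client-side sliding window: at most `limit` calls per `window` seconds."""

    def __init__(self, limit=60, window=60.0, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.stamps = []

    def wait_time(self):
        """Seconds to sleep before the next call is allowed (0.0 if none)."""
        now = self.clock()
        self.stamps = [t for t in self.stamps if now - t < self.window]
        if len(self.stamps) < self.limit:
            return 0.0
        return self.window - (now - self.stamps[0])

    def record(self):
        self.stamps.append(self.clock())

def build_request(endpoint, query, api_key):
    """Validate locally, then build (not send) the GET request."""
    if endpoint not in LIMITS:
        raise ValueError(f"unknown endpoint: {endpoint}")
    lo, hi = LIMITS[endpoint]
    query = query.strip()
    if not lo <= len(query) <= hi:
        raise ValueError(f"query must be {lo}-{hi} characters for {endpoint}")
    if not api_key:
        raise ValueError("API key missing (would be rejected with 401)")
    url = f"{BASE}/{endpoint}?{urllib.parse.urlencode({'query': query})}"
    return urllib.request.Request(url, headers={"X-API-KEY": api_key})

if __name__ == "__main__":
    import os
    # FULLHUNT_API_KEY is a hypothetical variable name; keep keys out of source.
    req = build_request("vulnerability-search", "CVE-2014-0160",
                        os.environ.get("FULLHUNT_API_KEY", "xxxx-xxxx-xxxx-xxxxxx"))
    print(req.get_method(), req.full_url)
```

Call `wait_time()` and sleep for the returned value before each send, then `record()` once the request has gone out.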