Free CVE JSON API
CVE.report now provides a free JSON API for individual CVE records. The API combines the site's canonical CVE Program record with NVD enrichment, plus KEV and EPSS when available.
Endpoint
GET /api/cve/CVE-YYYY-NNNN.json
GET /api/cve/CVE-YYYY-NNNN.json?pretty=1
No authentication is required. Responses are JSON and include CORS headers for public read-only use.
curl -sS "https://cve.report/api/cve/CVE-2026-34904.json?pretty=1"
Included Data
- summary: title, description, state, assigner, published and updated timestamps
- source_records.cve_program: stored CVE Program / cvelistV5 JSON record
- source_records.nvd: NVD timestamps, metrics payload, and configurations payload
- metrics, problem_types, references, affected, timeline, solutions, workarounds, and credits
- enrichments: KEV, EPSS, and legacy QID mappings when present
Backing Sources
The API is backed by the same official/free sources used by the refreshed site ingest:
Linking
Every CVE detail page now links directly to its JSON record. Recent CVE listings on the homepage, vendor pages, and software pages also link to the JSON endpoint.