VulDB: Comprehensive Vulnerability Intelligence API for Developers

Overview

VulDB is a vulnerability intelligence platform that provides a comprehensive database of security vulnerabilities, exploits, and related threat information. Established in 2008, it serves as a resource for developers and security professionals aiming to integrate current threat data into their applications and security workflows. The platform's core offering includes a vulnerability database, a dedicated API for programmatic access, and various threat intelligence feeds.

The VulDB API is designed for automated vulnerability research and security monitoring. It allows technical teams to access detailed information on vulnerabilities, including their severity, affected software, and known exploit availability. This data can be crucial for enhancing security tools, improving incident response, and informing patch management strategies. For instance, an organization might use the API to automatically cross-reference its software inventory against newly discovered vulnerabilities, flagging critical exposures that require immediate attention. The API supports various use cases, from feeding security information and event management (SIEM) systems with real-time threat data to enriching asset management solutions with vulnerability context.

VulDB caters to organizations involved in vulnerability research, security operations centers (SOCs), and product development teams responsible for the security posture of their applications. Its utility extends to those requiring granular data for risk assessment and threatmodeling. The service offers both public access to a subset of its database and paid API plans that provide broader access and higher request limits, facilitating integration with enterprise-level security infrastructure. The API is RESTful, returning data primarily in JSON format, which simplifies parsing and integration into modern applications. Developers can find extensive documentation and code examples for popular languages like Python and cURL on the VulDB developer documentation portal.

Beyond individual vulnerability lookups, VulDB's threat intelligence feeds offer aggregated and curated data streams, enabling proactive threat detection and defense. This includes information on zero-day exploits and newly disclosed vulnerabilities, which are often critical for maintaining a robust security posture in an evolving threat landscape. The platform plays a role in helping organizations anticipate and mitigate potential security breaches by providing timely and actionable intelligence, which can be particularly valuable when compared to publicly maintained databases that might have different update cadences, as noted by the National Vulnerability Database (NVD) program's scope of vulnerability data. VulDB also maintains GDPR compliance, addressing data privacy concerns for its users.

Key features

• Vulnerability Database: Access to a comprehensive collection of security vulnerabilities, including detailed descriptions, affected software versions, and associated CVE (Common Vulnerabilities and Exposures) identifiers.
• Vulnerability Intelligence API: Programmatic access to the vulnerability database, enabling automated data retrieval and integration into custom applications and security tools.
• Threat Intelligence Feeds: Curated data streams providing insights into emerging threats, zero-day vulnerabilities, and exploit availability for proactive security measures.
• Exploit Information: Details on known exploits for identified vulnerabilities, assisting in risk prioritization and understanding potential attack vectors.
• Severity Ratings: Standardized vulnerability severity scores to help prioritize remediation efforts based on the potential impact and likelihood of exploitation.
• Search and Filtering: Capabilities to search the database by various criteria, such as vendor, product, version, and date, to pinpoint relevant vulnerabilities.
• Developer Documentation: Comprehensive documentation with API specifications, authentication details, and code examples for common programming languages like Python and cURL, available on the VulDB API reference.

Pricing

VulDB offers a range of API plans tailored to different usage requirements, with a limited public access tier available for general browsing of vulnerability details. Paid API plans are structured based on the number of requests and included features. Enterprise-level solutions with custom pricing are also available. The following table provides an overview of the starting paid tiers as of May 2026:

For the most current and detailed pricing information, including specific feature breakdowns for each tier, refer to the VulDB pricing page.

Common integrations

VulDB's API design supports integration with a variety of security and IT management systems. Common integration scenarios include:

• SIEM Systems: Incorporating real-time vulnerability and threat intelligence into Security Information and Event Management (SIEM) platforms to enhance correlation and alerting capabilities.
• Vulnerability Scanners: Enriching the results of vulnerability scanning tools with additional context and exploit information from VulDB.
• Patch Management Systems: Prioritizing patch deployment based on the severity and exploitability status of vulnerabilities reported by VulDB, assisting in managing software updates.
• Asset Management Tools: Augmenting asset inventories with associated vulnerability data to provide a clearer picture of an organization's attack surface.
• Security Orchestration, Automation, and Response (SOAR) Platforms: Automating vulnerability lookups and threat intelligence gathering as part of incident response playbooks.
• Custom Security Dashboards: Building bespoke dashboards that display current vulnerability trends and critical exposures within an organization.
• Developer Workflows: Integrating vulnerability checks directly into CI/CD pipelines to identify and address security issues early in the software development lifecycle.

Alternatives

• NVD (National Vulnerability Database): A U.S. government repository of standards-based vulnerability management data, offering public access to CVEs and related information.
• Snyk: A developer security platform focused on finding and fixing vulnerabilities in code, open source, containers, and infrastructure as code.
• Recorded Future: A threat intelligence company that uses machine learning to deliver real-time insights into adversaries, their tactics, techniques, and procedures.

Getting started

To begin using the VulDB API, you will typically need an API key for authentication. The following example demonstrates how to make a basic request to retrieve vulnerability details using curl, followed by a Python example for parsing the JSON response. Replace YOUR_API_KEY with your actual VulDB API key and VULN_ID with the specific vulnerability ID you wish to query, as detailed in the VulDB API reference documentation.

cURL Example:

curl -X GET \
  'https://vuldb.com/?api' \
  -H 'Content-type: application/json' \
  -H 'X-VulDB-ApiKey: YOUR_API_KEY' \
  -d '{"id": VULN_ID}'

Python Example:

import requests
import json

api_key = 'YOUR_API_KEY'
vuln_id = 92650 # Example vulnerability ID

headers = {
    'Content-type': 'application/json',
    'X-VulDB-ApiKey': api_key
}

payload = {
    'id': vuln_id
}

try:
    response = requests.post('https://vuldb.com/?api', headers=headers, data=json.dumps(payload))
    response.raise_for_status() # Raise an exception for HTTP errors
    
    data = response.json()
    print(json.dumps(data, indent=2))
    
    if 'result' in data and data['result'] == 'ok' and 'vulnerability' in data:
        vulnerability = data['vulnerability']
        print(f"\nVulnerability Title: {vulnerability.get('title', 'N/A')}")
        print(f"CVSS v3 Score: {vulnerability.get('cvss3', {}).get('score', 'N/A')}")
        print(f"Description: {vulnerability.get('description', 'N/A')[:200]}...")
    else:
        print(f"Error or no vulnerability found for ID {vuln_id}: {data.get('message', 'Unknown error')}")

except requests.exceptions.RequestException as e:
    print(f"Request failed: {e}")
except json.JSONDecodeError:
    print(f"Failed to decode JSON response: {response.text}")

This Python script sends a POST request to the VulDB API with the specified API key and vulnerability ID, then prints the formatted JSON response. It also extracts and displays key details like the vulnerability title, CVSS v3 score, and a snippet of the description. For more detailed API calls and available parameters, consult the detailed VulDB API reference.