security.cve

Look up a CVE by id (e.g. CVE-2021-44228) across three authoritative vulnerability feeds in one call. Query: cve (CVE-YYYY-NNNN). Returns the canonical record — description, CVSS base score + severity + vector, CWE weakness ids, published/modified dates, reference links — plus whether it is on the US CISA Known Exploited Vulnerabilities catalog (with remediation due date and known-ransomware flag) and its EPSS exploit-probability score and percentile. The exploited and EPSS sections report independently, so one feed being unavailable does not fail the call. 404 if the CVE id is unknown. For triage, prioritization, and anti-hallucination on vulnerability claims.

price
$0.0018 USDC per call
method
GET/api/security/cve
payment
x402 v2 · USDC on Base (EIP-3009) or Solana (SPL transfer)
auth
None. Sign the payment, retry with PAYMENT-SIGNATURE.

Overview

The CVE API looks up a vulnerability by id across three authoritative feeds in a single call — the canonical record, exploitation status, and exploit probability — so agents get triage-ready context without stitching sources together.

Pass a CVE id (e.g. CVE-2021-44228) and get the description, CVSS base score, severity and vector, CWE weakness ids, published/modified dates and reference links, plus whether it is on the US CISA Known Exploited Vulnerabilities (KEV) catalog (with remediation due date and known-ransomware flag) and its EPSS exploit-probability score and percentile. The exploited and EPSS sections report independently, so one feed being down does not fail the call. No API key — pay per lookup with x402.

Use cases

Parameters

NameTypeDescription
cverequiredstringCVE identifier in the form CVE-YYYY-NNNN (e.g. CVE-2021-44228).
min 6 chars · max 40 chars

Code samples

cURLbash
# 1. Probe with no auth → 402 envelope with PaymentRequirements
curl -sS 'https://2s.io/api/security/cve?cve=xxxxxx'

# 2. Sign + retry with PAYMENT-SIGNATURE:
curl -sS 'https://2s.io/api/security/cve?cve=xxxxxx' \
  -H 'PAYMENT-SIGNATURE: <base64-json-payload>'

# Or use the canonical runner (handles probe → sign → retry):
#   EVM_PRIVATE_KEY=0x... node --env-file=.env.local \
#     --experimental-strip-types scripts/x402-pay.ts \
#     'https://2s.io/api/security/cve?cve=xxxxxx'
TypeScript / Node — @2sio/sdktypescript
import { TwoS } from '@2sio/sdk'

const client = new TwoS({
  privateKey: process.env.EVM_PRIVATE_KEY as `0x${string}`,
})

const result = await client.security.cve({
  "cve": "xxxxxx"
})

console.log('endpoint:', result.endpoint)
console.log('cost:', result.costUsd, 'USDC')
console.log('tx:', result.settlement?.txHash)
console.log('data:', result.data)
Python — 2siopython
import os
from twosio import TwoS

client = TwoS(private_key=os.environ["EVM_PRIVATE_KEY"])

result = client.security.cve(cve="xxxxxx")

print("endpoint:", result.endpoint)
print("cost:", result.cost_usd, "USDC")
print("tx:", (result.settlement or {}).get("tx_hash"))
print("data:", result.data)
MCP — Claude Desktop / AgentKit / any MCP hostjson
// 1. Add @2sio/mcp to your MCP host config (Claude Desktop example below).
//    EVM_PRIVATE_KEY funds x402 payments per call.

// claude_desktop_config.json
{
  "mcpServers": {
    "2sio": {
      "command": "npx",
      "args": ["-y", "@2sio/mcp"],
      "env": { "EVM_PRIVATE_KEY": "0x..." }
    }
  }
}

// 2. Once the server is running, agents call this tool via standard MCP:

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/call",
  "params": {
    "name": "security.cve",
    "arguments": {
      "cve": "xxxxxx"
    }
  }
}

Response

FieldTypeDescription
cvestring
publishedstring
lastModifiedstring
vulnStatusstring
descriptionstring
cvssobject
cwesarray
referencesarray
knownExploitedobject
knownExploitedErrorstring
epssobject
epssErrorstring
sourcesarray
Example response datajson
{
  "cve": "example",
  "published": "example",
  "lastModified": "example",
  "vulnStatus": "example",
  "description": "example",
  "cvss": {},
  "cwes": [
    "example"
  ],
  "references": [
    {}
  ],
  "knownExploited": {},
  "knownExploitedError": "example",
  "epss": {},
  "epssError": "example",
  "sources": [
    {}
  ]
}

FAQ

Which sources does the CVE lookup combine?
The canonical vulnerability record (description, CVSS, CWE, references), the US CISA Known Exploited Vulnerabilities (KEV) catalog, and EPSS exploit-probability scoring — merged into one response.
What happens if one feed is unavailable?
The exploited (KEV) and EPSS sections report independently, so a single feed being down does not fail the call — you still get the canonical record.
What if the CVE id is unknown?
The endpoint returns 404 for a CVE id it cannot find, which also makes it a clean anti-hallucination check for cited CVEs.
Do I need an API key to use the cve API?
No. security.cve is x402-native — there is no signup and no API key. Your client makes the call, receives a 402 with payment requirements, signs a USDC payment, and retries. Funds come from a wallet you control.
How much does the cve API cost?
$0.0018 USDC per call, charged per request. There are no monthly fees, seats, or minimums — you pay only for the calls you make.
Can I try the cve API for free first?
Yes. Add ?trial=1 (or the header X-2s-Trial: 1) to get a free real call per endpoint per hour, so you can verify the response shape before wiring payment.
Which networks and tokens are supported?
USDC on Base (via EIP-3009 transferWithAuthorization) or Solana (SPL transfer), using the open x402 payment protocol.
How do I call security.cve from an AI agent or MCP host?
Use @2sio/sdk (TypeScript), 2sio (Python), or the @2sio/mcp server for any MCP host — each handles the probe → sign → retry loop for you. See the code samples on this page.

Discovery

Related: cve api · vulnerability api · cve lookup api · nvd api · cisa kev api · epss api · cve api for ai agents · x402 security api · security cve api · cve api no api key · pay per call cve api · security api