Look up a CVE by id (e.g. CVE-2021-44228) across three authoritative vulnerability feeds in one call. Query: cve (CVE-YYYY-NNNN). Returns the canonical record — description, CVSS base score + severity + vector, CWE weakness ids, published/modified dates, reference links — plus whether it is on the US CISA Known Exploited Vulnerabilities catalog (with remediation due date and known-ransomware flag) and its EPSS exploit-probability score and percentile. The exploited and EPSS sections report independently, so one feed being unavailable does not fail the call. 404 if the CVE id is unknown. For triage, prioritization, and anti-hallucination on vulnerability claims.
/api/security/cvePAYMENT-SIGNATURE.The CVE API looks up a vulnerability by id across three authoritative feeds in a single call — the canonical record, exploitation status, and exploit probability — so agents get triage-ready context without stitching sources together.
Pass a CVE id (e.g. CVE-2021-44228) and get the description, CVSS base score, severity and vector, CWE weakness ids, published/modified dates and reference links, plus whether it is on the US CISA Known Exploited Vulnerabilities (KEV) catalog (with remediation due date and known-ransomware flag) and its EPSS exploit-probability score and percentile. The exploited and EPSS sections report independently, so one feed being down does not fail the call. No API key — pay per lookup with x402.
| Name | Type | Description |
|---|---|---|
cverequired | string | CVE identifier in the form CVE-YYYY-NNNN (e.g. CVE-2021-44228). min 6 chars · max 40 chars |
# 1. Probe with no auth → 402 envelope with PaymentRequirements curl -sS 'https://2s.io/api/security/cve?cve=xxxxxx' # 2. Sign + retry with PAYMENT-SIGNATURE: curl -sS 'https://2s.io/api/security/cve?cve=xxxxxx' \ -H 'PAYMENT-SIGNATURE: <base64-json-payload>' # Or use the canonical runner (handles probe → sign → retry): # EVM_PRIVATE_KEY=0x... node --env-file=.env.local \ # --experimental-strip-types scripts/x402-pay.ts \ # 'https://2s.io/api/security/cve?cve=xxxxxx'
import { TwoS } from '@2sio/sdk'
const client = new TwoS({
privateKey: process.env.EVM_PRIVATE_KEY as `0x${string}`,
})
const result = await client.security.cve({
"cve": "xxxxxx"
})
console.log('endpoint:', result.endpoint)
console.log('cost:', result.costUsd, 'USDC')
console.log('tx:', result.settlement?.txHash)
console.log('data:', result.data)import os
from twosio import TwoS
client = TwoS(private_key=os.environ["EVM_PRIVATE_KEY"])
result = client.security.cve(cve="xxxxxx")
print("endpoint:", result.endpoint)
print("cost:", result.cost_usd, "USDC")
print("tx:", (result.settlement or {}).get("tx_hash"))
print("data:", result.data)// 1. Add @2sio/mcp to your MCP host config (Claude Desktop example below).
// EVM_PRIVATE_KEY funds x402 payments per call.
// claude_desktop_config.json
{
"mcpServers": {
"2sio": {
"command": "npx",
"args": ["-y", "@2sio/mcp"],
"env": { "EVM_PRIVATE_KEY": "0x..." }
}
}
}
// 2. Once the server is running, agents call this tool via standard MCP:
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "security.cve",
"arguments": {
"cve": "xxxxxx"
}
}
}| Field | Type | Description |
|---|---|---|
cve | string | |
published | string | |
lastModified | string | |
vulnStatus | string | |
description | string | |
cvss | object | |
cwes | array | |
references | array | |
knownExploited | object | |
knownExploitedError | string | |
epss | object | |
epssError | string | |
sources | array |
{
"cve": "example",
"published": "example",
"lastModified": "example",
"vulnStatus": "example",
"description": "example",
"cvss": {},
"cwes": [
"example"
],
"references": [
{}
],
"knownExploited": {},
"knownExploitedError": "example",
"epss": {},
"epssError": "example",
"sources": [
{}
]
}