```json
{
  "query": "log4j 2.14.1"
}
```
### Sample Response
```json
{
  "vulnerabilities": [
    {
      "cve_id": "CVE-2021-44228",
      "title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
      "severity": "CRITICAL",
      "cvss_score": 10.0,
      "affected_versions": [
        "2.0-beta9 through 2.15.0"
      ],
      "description": "Apache Log4j2 versions less than 2.16.0 are vulnerable to remote code execution via JNDI injection.",
      "published_date": "2021-12-10",
      "updated_date": "2024-01-15",
      "remediation": "Upgrade to Log4j 2.16.0 or later"
    }
  ],
  "query_timestamp": "2024-01-20T14:32:15Z",
  "total_vulnerabilities_found": 1
}
```
## Endpoints
### POST /scan-cve
Scan for Common Vulnerabilities and Exposures matching a given query string.
**Method:** POST
**Path:** `/scan-cve`
**Request Parameters:**
| Name | Type | Required | Description |
|------|------|----------|-------------|
| `query` | string | Yes | The search query for CVE scanning. Can be a package name, version string, CVE identifier (e.g., "CVE-2021-44228"), or component name. |
**Request Body (application/json):**
```json
{
  "query": "string"
}
```
**Response (200 - Success):**
Returns a JSON object containing matched CVE records with vulnerability details, severity information, affected versions, and recommended remediation steps.
**Response (422 - Validation Error):**
Returns validation error details when the request schema is invalid or required fields are missing.
```json
{
  "detail": [
    {
      "loc": ["body", "query"],
      "msg": "field required",
      "type": "value_error.missing"
    }
  ]
}
```
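
A CI gate built on the request and response shapes documented above, as an added example (not ToolWeb's own code). It fails closed on a 422, a non-JSON body, or a reply without a `vulnerabilities` list, so a broken scan is never read as "no findings". Assumptions: the full URL is the Kong route under References joined with `/scan-cve`, credentials (not documented on this page) are passed in caller-supplied headers, and the blocking threshold is CVSS 7.0.

```python
import json
import urllib.error
import urllib.request

# Assumption: the Kong route and the /scan-cve path from this page, joined.
SCAN_URL = "https://api.mkkpro.com/security/cve-scanner/scan-cve"
# The page's two sample bodies, shortened (constructed test input).
SAMPLE_200 = '{"vulnerabilities": [{"cve_id": "CVE-2021-44228", "cvss_score": 10.0}]}'
SAMPLE_422 = '{"detail": [{"loc": ["body", "query"], "msg": "field required"}]}'

class ScanError(Exception):
    """The reply cannot be trusted; the caller must fail the build."""

def parse_scan(status, body):
    """Return the CVE records from a reply, or raise ScanError if it is unusable."""
    try:
        doc = json.loads(body)
    except ValueError as exc:
        raise ScanError(f"HTTP {status}: body is not JSON") from exc
    if not isinstance(doc, dict):
        raise ScanError(f"HTTP {status}: JSON object expected")
    if status == 422:  # validation error: {"detail": [{"loc": [...], "msg": ...}]}
        detail = doc.get("detail")
        items = [d for d in detail if isinstance(d, dict)] if isinstance(detail, list) else []
        msgs = [".".join(map(str, d.get("loc", []))) + ": " + str(d.get("msg")) for d in items]
        raise ScanError("request rejected: " + ("; ".join(msgs) or repr(detail)))
    vulns = doc.get("vulnerabilities")
    if status != 200 or not isinstance(vulns, list) or not all(isinstance(v, dict) for v in vulns):
        raise ScanError(f"HTTP {status}: no usable 'vulnerabilities' list in reply")
    return vulns

def blocking_cves(vulns, min_cvss=7.0):
    """IDs scoring at or above min_cvss; a record with no numeric score also blocks."""
    def blocks(score):
        return not isinstance(score, (int, float)) or score >= min_cvss
    return [v.get("cve_id", "<no cve_id>") for v in vulns if blocks(v.get("cvss_score"))]

def scan(query, headers=None, url=SCAN_URL):
    """POST {"query": query}; headers carries whatever credentials your plan requires."""
    req = urllib.request.Request(url, data=json.dumps({"query": query}).encode(), method="POST",
                                 headers={"Content-Type": "application/json", **(headers or {})})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_scan(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # urllib raises on non-2xx, including 422
        return parse_scan(err.code, err.read())
    except urllib.error.URLError as exc:
        raise ScanError(f"scanner unreachable: {exc.reason}") from exc
```

In a pipeline step, exit non-zero when `blocking_cves(scan(...))` is non-empty or when `ScanError` is raised.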
## Pricing
| Plan | Calls/Day | Calls/Month | Price |
|------|-----------|-------------|-------|
| Free | 5 | 50 | Free |
| Developer | 20 | 500 | $39/mo |
| Professional | 200 | 5,000 | $99/mo |
| Enterprise | 100,000 | 1,000,000 | $299/mo |
## About
ToolWeb.in — 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.
- 🌐 [toolweb.in](https://toolweb.in)
- 🔌 [portal.toolweb.in](https://portal.toolweb.in)
- 🤖 [hub.toolweb.in](https://hub.toolweb.in)
- 🐾 [toolweb.in/openclaw/](https://toolweb.in/openclaw/)
- 🚀 [rapidapi.com/user/mkrishna477](https://rapidapi.com/user/mkrishna477)
- 📺 [youtube.com/@toolweb-009](https://youtube.com/@toolweb-009)
## References
- **Kong Route:** https://api.mkkpro.com/security/cve-scanner
- **API Docs:** https://api.mkkpro.com:8010/docs
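## Overview
The CVE Scanner is a security-focused API that enables developers, security teams, and DevOps professionals to quickly identify and assess Common Vulnerabilities and Exposures (CVEs) affecting their software supply chain. By submitting a package name, version, or vulnerability identifier, users receive comprehensive CVE data, including severity ratings, affected versions, and remediation guidance.

The tool integrates seamlessly into CI/CD pipelines, vulnerability management workflows, and security audits. It draws on authoritative CVE databases to provide accurate, up-to-date software vulnerability intelligence, helping organizations prioritize patching and reduce risk exposure.

Ideal users include security engineers, application developers, DevOps teams, and compliance officers who need to integrate fast, reliable CVE lookup capabilities into automated security workflows.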