Latest vulnerabilities (last 24 hours)

GET

/latest

• Production

Returns vulnerabilities whose row was inserted into the Patchstack database in the last 24 hours. The filter is on created_at (insertion time), not disclosure_date.

Accepts the same query parameters as /all.

Authorizations

• PSKey

Parameters

Query Parameters

platform

string

default: wordpress

Allowed values: wordpress npm

Platform to query. Case-insensitive.

page

integer

default: 1 >= 1

Offset-pagination page (1-indexed). Mutually exclusive with cursor.

per_page

integer

default: 100 >= 1 <= 500

Page size.

cursor

string

Opaque cursor. Presence of the param switches to cursor mode (send an empty value to bootstrap). Mutually exclusive with page.

include

string

Allowed values: details

Pass details to include the full advisory body (advisory_details) per item.

Responses

200

Paginated 24h vulnerability listing.

One of:

object

object

vulnerabilities

required

Array<object>

Per-item shape shared across list endpoints when platform=npm.

object

id

required

Stable Patchstack vulnerability id.

integer

Example

46500

title

required

Human-readable title (prefixed with NPM: for npm advisories).

string

Example

NPM: OpenClaw: ...

disclosed_at

required

When the vulnerability was publicly disclosed.

string format: date-time

created_at

required

When the row was inserted into the Patchstack DB. Drives /latest windowing.

string format: date-time

url

required

Public Patchstack vulnerability page (token-tagged).

string format: uri

vuln_type

required

High-level vulnerability category.

string

Example

Other Vulnerability Type

cve

required

First CVE identifier, or empty string when none is assigned.

string

Example

2026-41331

is_exploited

required

Whether exploitation has been observed in the wild.

boolean

patch_priority

required

1 (low) to 3 (high).

integer

>= 1 <= 3

advisory_details

Full advisory body (markdown). Only present when ?include=details was passed.

string

product

required

object

id

required

integer

name

required

string

slug

required

string

cvss

required

object

score

number format: float

nullable

vector

string

nullable

cwe

required

object

id

integer

nullable

name

string

nullable

capec

required

object

id

integer

nullable

name

string

nullable

references

required

External reference URLs (advisories, commits, tags).

Array<string>

ghsa

required

GHSA identifier when the advisory came from the GitHub Advisory Database.

string

version_info

required

object

affected

required

Affected version range (e.g. <= 2026.3.28).

string

fixed

required

First fixed version.

string

patched_ranges

required

Structured list of patch ranges for advisories with multiple patch ranges.

Array<object>

object

from_version

string

to_version

string

fixed_in

string

Example

{
  "id": 46500,
  "title": "NPM: OpenClaw: ...",
  "disclosed_at": "2026-04-03T03:15:56+00:00",
  "created_at": "2026-04-21T08:38:34+00:00",
  "url": "https://patchstack.com/database/npm/npm/openclaw/vulnerability/...",
  "vuln_type": "Other Vulnerability Type",
  "cve": "2026-41331",
  "is_exploited": false,
  "patch_priority": 2,
  "advisory_details": "## Summary\n...",
  "product": {
    "id": 23595,
    "name": "openclaw",
    "slug": "openclaw"
  },
  "cvss": {
    "score": 6.9,
    "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
  },
  "cwe": {
    "id": 770,
    "name": "Allocation of Resources Without Limits or Throttling"
  },
  "capec": {
    "id": null,
    "name": null
  },
  "references": [
    "https://github.com/openclaw/openclaw/security/advisories/GHSA-m6fx-m8hc-572m",
    "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
  ],
  "ghsa": "GHSA-m6fx-m8hc-572m",
  "version_info": {
    "affected": "<= 2026.3.28",
    "fixed": "2026.3.31",
    "patched_ranges": []
  }
}

pagination

required

object

current_page

required

integer

Example

1

per_page

required

integer

Example

25

total

required

integer

Example

6115

total_pages

required

integer

Example

245

has_next_page

required

boolean

Example

true

has_previous_page

required

boolean

next_page

integer

nullable

Example

2

previous_page

integer

nullable

from

required

integer

Example

1

to

required

integer

Example

25

object

object

vulnerabilities

required

Array<object>

Per-item shape shared across list endpoints when platform=npm.

object

id

required

Stable Patchstack vulnerability id.

integer

Example

46500

title

required

Human-readable title (prefixed with NPM: for npm advisories).

string

Example

NPM: OpenClaw: ...

disclosed_at

required

When the vulnerability was publicly disclosed.

string format: date-time

created_at

required

When the row was inserted into the Patchstack DB. Drives /latest windowing.

string format: date-time

url

required

Public Patchstack vulnerability page (token-tagged).

string format: uri

vuln_type

required

High-level vulnerability category.

string

Example

Other Vulnerability Type

cve

required

First CVE identifier, or empty string when none is assigned.

string

Example

2026-41331

is_exploited

required

Whether exploitation has been observed in the wild.

boolean

patch_priority

required

1 (low) to 3 (high).

integer

>= 1 <= 3

advisory_details

Full advisory body (markdown). Only present when ?include=details was passed.

string

product

required

object

id

required

integer

name

required

string

slug

required

string

cvss

required

object

score

number format: float

nullable

vector

string

nullable

cwe

required

object

id

integer

nullable

name

string

nullable

capec

required

object

id

integer

nullable

name

string

nullable

references

required

External reference URLs (advisories, commits, tags).

Array<string>

ghsa

required

GHSA identifier when the advisory came from the GitHub Advisory Database.

string

version_info

required

object

affected

required

Affected version range (e.g. <= 2026.3.28).

string

fixed

required

First fixed version.

string

patched_ranges

required

Structured list of patch ranges for advisories with multiple patch ranges.

Array<object>

object

from_version

string

to_version

string

fixed_in

string

Example

{
  "id": 46500,
  "title": "NPM: OpenClaw: ...",
  "disclosed_at": "2026-04-03T03:15:56+00:00",
  "created_at": "2026-04-21T08:38:34+00:00",
  "url": "https://patchstack.com/database/npm/npm/openclaw/vulnerability/...",
  "vuln_type": "Other Vulnerability Type",
  "cve": "2026-41331",
  "is_exploited": false,
  "patch_priority": 2,
  "advisory_details": "## Summary\n...",
  "product": {
    "id": 23595,
    "name": "openclaw",
    "slug": "openclaw"
  },
  "cvss": {
    "score": 6.9,
    "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
  },
  "cwe": {
    "id": 770,
    "name": "Allocation of Resources Without Limits or Throttling"
  },
  "capec": {
    "id": null,
    "name": null
  },
  "references": [
    "https://github.com/openclaw/openclaw/security/advisories/GHSA-m6fx-m8hc-572m",
    "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
  ],
  "ghsa": "GHSA-m6fx-m8hc-572m",
  "version_info": {
    "affected": "<= 2026.3.28",
    "fixed": "2026.3.31",
    "patched_ranges": []
  }
}

cursor

required

object

next_cursor

required

Opaque cursor for the next page. null when there are no more pages.

string

nullable

Example

djE6NDYzMzk

has_more

required

boolean

Example

true

per_page

required

integer

Example

25

401

Missing or invalid PSKey header.

403

API key not authorised for the requested endpoint.

422

Invalid parameter combination (e.g. cursor + page), invalid platform, or per_page > 500.

429

Rate limit exceeded.