Find a vulnerability by id

GET

/vulnerability/{id}

• Production

Look up a single advisory by its numeric id or PSID. Returns a richer shape than the list endpoints — includes CVSS vector, OWASP category, external references, credits, and submitter info.

Authorizations

• PSKey

Parameters

Path Parameters

id

required

string

Example

4760

Numeric Patchstack id or PSID.

Responses

200

Detailed advisory payload.

Response shape for GET /vulnerability/{id}.

object

vulnerability

required

object

title

required

string

Example

WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 5.153.3 - Unauthenticated Time-Based Blind SQL Injection (SQLi) vulnerability

description

required

string

Example

Unauthenticated Time-Based Blind SQL Injection (SQLi) vulnerability discovered by WordFence in WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin (versions <= 5.153.3).

disclosure_date

Disclosure date in YYYY-MM-DD HH:MM:SS form (legacy).

string

Example

2021-05-03 00:00:00

disclosed_at

required

string format: date-time

Example

2021-05-03T00:00:00+00:00

created_at

required

string format: date-time

Example

2021-09-28T14:17:02+00:00

is_exploited

required

boolean

Example

true

url

required

URL slug for the advisory.

string

Example

wordpress-spam-protection-antispam-firewall-by-cleantalk-plugin-5-153-3-unauthenticated-time-based-blind-sql-injection-sqli-vulnerability

direct_url

required

string format: uri

Example

https://patchstack.com/database/vulnerability/cleantalk-spam-protect/wordpress-spam-protection-antispam-firewall-by-cleantalk-plugin-5-153-3-unauthenticated-time-based-blind-sql-injection-sqli-vulnerability

product

required

object

name

required

string

Example

Spam protection, AntiSpam, FireWall by CleanTalk

slug

required

string

Example

cleantalk-spam-protect

type

required

string

Allowed values: Plugin Theme WordPress

Example

Plugin

type

required

Vulnerability category (e.g. SQL Injection).

string

Example

SQL Injection

cvss

object

score

number format: float

nullable

Example

7.5

vector

string

nullable

Example

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

description

string

nullable

owasp

OWASP category (e.g. A1: Injection).

string

Example

A1: Injection

references_url

External reference URLs with display titles.

Array<object>

object

url

required

string format: uri

Example

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24295

title

required

string

Example

CVE

cve

required

Array<string>

Example

[
  "2021-24295"
]

versions

required

object

affected_in

required

string

Example

<= 5.153.3

fixed_in

required

string

Example

5.153.4

versions_list

Comma-separated list of specific affected versions, when applicable.

string

nullable

credit

Discoverer of the vulnerability.

object

name

string

Example

WordFence

url

string format: uri

Example

https://twitter.com/wordfence

submitter

Submitter, when distinct from credit.

object

name

string

Example

h00die

url

string format: uri

Example

https://packetstormsecurity.com/files/author/7166/

401

Missing or invalid PSKey header.

403

API key not authorised for the requested endpoint.

404

Unknown product/version/vulnerability id.

429

Rate limit exceeded.