Skip to content
Patchstack Docs

Latest vulnerabilities

GET
/latest

Return the 20 most recently added vulnerabilities, ordered by descending created_at (insertion time, not disclosure_date).

Authorizations

Section titled “Authorizations ”

Responses

Section titled “ Responses ”

200

Section titled “200 ”

The 20 most recent vulnerabilities.

object
vulnerabilities
required
Array<object>

Flat per-item shape returned by the Extended tier. Superset of the Standard shape — adds description, vuln_type, cvss_score, cve, is_exploited, patch_priority, affected_in, and patched_in_ranges.

object
id
required

Stable Patchstack vulnerability id.

integer
Example
7976
product_id
required

Stable Patchstack product id.

integer
Example
2175
title
required

Human-readable title including product name, affected version, and vulnerability type.

string
Example
WordPress File Upload plugin <= 4.16.2 - Contributor+ Path Traversal vulnerability leading to Remote Code Execution (RCE)
description
required

Short narrative summary of the advisory.

string
Example
Contributor+ Path Traversal vulnerability leading to Remote Code Execution (RCE) discovered by apple502j in WordPress File Upload plugin (versions <= 4.16.2).
disclosure_date

Disclosure date in YYYY-MM-DD HH:MM:SS form (legacy).

string
Example
2022-03-01 00:00:00
disclosed_at
required

Disclosure date in ISO 8601.

string format: date-time
Example
2022-03-01T00:00:00+00:00
created_at
required

When the row was inserted into the Patchstack database (ISO 8601). Drives /latest windowing.

string format: date-time
Example
2022-03-07T11:17:05+00:00
url
required

URL slug for the advisory.

string
Example
wordpress-file-upload-plugin-4-16-2-contributor-path-traversal-vulnerability-leading-to-remote-code-execution-rce
product_slug
required

Lowercase slug of the product.

string
Example
wp-file-upload
product_name
required

Display name of the product.

string
Example
WordPress File Upload
product_name_premium

Premium variant name when the author ships two plugins under the same slug. null in the common case.

string
nullable
product_type
required

Product ecosystem.

string
Allowed values: Plugin Theme WordPress
Example
Plugin
vuln_type
required

High-level vulnerability category (e.g. SQL Injection, Cross Site Scripting (XSS)).

string
Example
Directory Traversal
cvss_score

CVSS base score, 1.0–10.0. null for unclassified advisories.

number format: float
nullable
Example
8.8
cve
required

CVE identifiers. An advisory can have zero, one, or multiple.

Array<string>
Example
[
  "2021-24962"
]
is_exploited

Whether exploitation has been observed in the wild.

boolean
patch_priority

Recommended patch urgency.

  • 1 — Low → patch within 30 days
  • 2 — Medium → patch within 7 days
  • 3+ — High → patch immediately
  • null — unknown
integer
nullable >= 1
Example
3
affected_in
required

Affected version range. Formats include <= x.x.x, < x.x.x, x.x.x-x.x.x, x.x.x,x.x.x, or a single x.x.x.

string
Example
<= 4.16.2
fixed_in
required

First fixed version. Empty string when Patchstack has not yet recorded one.

string
Example
4.16.3
patched_in_ranges

For products that ship patches across multiple minor lines (WordPress core, WooCommerce, Ninja Forms, …), each entry describes a from_versionto_version range and its fix.

Array<object>
object
from_version
required

Starting version, inclusive.

string
Example
3.0
to_version
required

Ending version, inclusive.

string
Example
3.0.34.1
fixed_in
required

Version that contains the patch for this range.

string
Example
3.0.34.2
direct_url
required

Public Patchstack vulnerability page.

string format: uri
Example
https://patchstack.com/database/vulnerability/wp-file-upload/wordpress-file-upload-plugin-4-16-2-contributor-path-traversal-vulnerability-leading-to-remote-code-execution-rce

401

Section titled “401 ”

Missing or invalid PSKey header.

403

Section titled “403 ”

API key not authorised for the requested endpoint.

429

Section titled “429 ”

Rate limit exceeded.