{ "item": [ { "name": "List all vulnerabilities", "request": { "name": "List all vulnerabilities", "description": { "content": "Paginated listing of every published vulnerability for the given\nplatform, ordered by descending `id`.\n\nSupports **two independent pagination strategies**:\n\n- **Offset** (`?page=&per_page=`) — returns a `pagination` block with\n totals. Easy to jump to a specific page; slower at depth and\n susceptible to row-shift when new vulnerabilities land while paging.\n- **Cursor** (`?cursor=`) — returns a `cursor` block with `next_cursor`,\n `has_more`, `per_page`. Stable under concurrent inserts and faster at\n any depth. No `total` count.\n\n`cursor` and `page` are mutually exclusive; passing both returns\n`422 Unprocessable Entity`.\n", "type": "text/plain" }, "url": { "path": [ "all" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "key": "platform", "value": "wordpress", "description": "Platform to query. Case-insensitive." }, { "disabled": false, "key": "page", "value": "1", "description": "Offset-pagination page (1-indexed). Mutually exclusive with `cursor`." }, { "disabled": false, "key": "per_page", "value": "100", "description": "Page size." }, { "disabled": false, "key": "cursor", "value": "string", "description": "Opaque cursor. Presence of the param switches to cursor mode (send an\nempty value to bootstrap). Mutually exclusive with `page`.\n" }, { "disabled": false, "key": "include", "value": "details", "description": "Pass `details` to include the full advisory body (`advisory_details`) per item." } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "auth": null }, "response": [ { "name": "Paginated vulnerability listing.", "originalRequest": { "url": { "path": [ "all" ], "host": [ "{{baseUrl}}" ], "query": [ { "key": "platform", "value": "wordpress" }, { "key": "page", "value": "1" }, { "key": "per_page", "value": "100" }, { "key": "cursor", "value": "string" }, { "key": "include", "value": "details" } ], "variable": [] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" }, { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"vulnerabilities\": [],\n \"pagination\": {\n \"current_page\": 1,\n \"per_page\": 25,\n \"total\": 6115,\n \"total_pages\": 245,\n \"has_next_page\": true,\n \"has_previous_page\": false,\n \"next_page\": 2,\n \"previous_page\": null,\n \"from\": 1,\n \"to\": 25\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "name": "Missing or invalid `PSKey` header.", "originalRequest": { "url": { "path": [ "all" ], "host": [ "{{baseUrl}}" ], "query": [ { "key": "platform", "value": "wordpress" }, { "key": "page", "value": "1" }, { "key": "per_page", "value": "100" }, { "key": "cursor", "value": "string" }, { "key": "include", "value": "details" } ], "variable": [] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "text/plain" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" }, { "name": "API key not authorised for the requested endpoint.", "originalRequest": { "url": { "path": [ "all" ], "host": [ "{{baseUrl}}" ], "query": [ { "key": "platform", "value": "wordpress" }, { "key": "page", "value": "1" }, { "key": "per_page", "value": "100" }, { "key": "cursor", "value": "string" }, { "key": "include", "value": "details" } ], "variable": [] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "text/plain" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" }, { "name": "Invalid parameter combination (e.g. `cursor` + `page`), invalid `platform`, or `per_page > 500`.", "originalRequest": { "url": { "path": [ "all" ], "host": [ "{{baseUrl}}" ], "query": [ { "key": "platform", "value": "wordpress" }, { "key": "page", "value": "1" }, { "key": "per_page", "value": "100" }, { "key": "cursor", "value": "string" }, { "key": "include", "value": "details" } ], "variable": [] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" } ], "method": "GET", "body": {} }, "status": "Unprocessable Entity (WebDAV) (RFC 4918)", "code": 422, "header": [ { "key": "Content-Type", "value": "text/plain" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" }, { "name": "Rate limit exceeded.", "originalRequest": { "url": { "path": [ "all" ], "host": [ "{{baseUrl}}" ], "query": [ { "key": "platform", "value": "wordpress" }, { "key": "page", "value": "1" }, { "key": "per_page", "value": "100" }, { "key": "cursor", "value": "string" }, { "key": "include", "value": "details" } ], "variable": [] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" } ], "method": "GET", "body": {} }, "status": "Too Many Requests", "code": 429, "header": [ { "key": "Content-Type", "value": "text/plain" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "name": "Latest vulnerabilities (last 24 hours)", "request": { "name": "Latest vulnerabilities (last 24 hours)", "description": { "content": "Returns vulnerabilities whose row was inserted into the Patchstack\ndatabase in the last 24 hours. The filter is on `created_at`\n(insertion time), **not** `disclosure_date`.\n\nAccepts the same query parameters as `/all`.\n", "type": "text/plain" }, "url": { "path": [ "latest" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "key": "platform", "value": "wordpress", "description": "Platform to query. Case-insensitive." }, { "disabled": false, "key": "page", "value": "1", "description": "Offset-pagination page (1-indexed). Mutually exclusive with `cursor`." }, { "disabled": false, "key": "per_page", "value": "100", "description": "Page size." }, { "disabled": false, "key": "cursor", "value": "string", "description": "Opaque cursor. Presence of the param switches to cursor mode (send an\nempty value to bootstrap). Mutually exclusive with `page`.\n" }, { "disabled": false, "key": "include", "value": "details", "description": "Pass `details` to include the full advisory body (`advisory_details`) per item." } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "auth": null }, "response": [ { "name": "Paginated 24h vulnerability listing.", "originalRequest": { "url": { "path": [ "latest" ], "host": [ "{{baseUrl}}" ], "query": [ { "key": "platform", "value": "wordpress" }, { "key": "page", "value": "1" }, { "key": "per_page", "value": "100" }, { "key": "cursor", "value": "string" }, { "key": "include", "value": "details" } ], "variable": [] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" }, { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"vulnerabilities\": [\n {\n \"id\": 46500,\n \"title\": \"NPM: OpenClaw: ...\",\n \"disclosed_at\": \"2026-04-03T03:15:56+00:00\",\n \"created_at\": \"2026-04-21T08:38:34+00:00\",\n \"url\": \"https://patchstack.com/database/npm/npm/openclaw/vulnerability/...\",\n \"vuln_type\": \"Other Vulnerability Type\",\n \"cve\": \"2026-41331\",\n \"is_exploited\": false,\n \"patch_priority\": 2,\n \"advisory_details\": \"## Summary\\n...\",\n \"product\": {\n \"id\": 23595,\n \"name\": \"openclaw\",\n \"slug\": \"openclaw\"\n },\n \"cvss\": {\n \"score\": 6.9,\n \"vector\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N\"\n },\n \"cwe\": {\n \"id\": 770,\n \"name\": \"Allocation of Resources Without Limits or Throttling\"\n },\n \"capec\": {\n \"id\": null,\n \"name\": null\n },\n \"references\": [\n \"https://github.com/openclaw/openclaw/security/advisories/GHSA-m6fx-m8hc-572m\",\n \"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31\"\n ],\n \"ghsa\": \"GHSA-m6fx-m8hc-572m\",\n \"version_info\": {\n \"affected\": \"<= 2026.3.28\",\n \"fixed\": \"2026.3.31\"\n }\n },\n {\n \"id\": 46500,\n \"title\": \"NPM: OpenClaw: ...\",\n \"disclosed_at\": \"2026-04-03T03:15:56+00:00\",\n \"created_at\": \"2026-04-21T08:38:34+00:00\",\n \"url\": \"https://patchstack.com/database/npm/npm/openclaw/vulnerability/...\",\n \"vuln_type\": \"Other Vulnerability Type\",\n \"cve\": \"2026-41331\",\n \"is_exploited\": false,\n \"patch_priority\": 2,\n \"advisory_details\": \"## Summary\\n...\",\n \"product\": {\n \"id\": 23595,\n \"name\": \"openclaw\",\n \"slug\": \"openclaw\"\n },\n \"cvss\": {\n \"score\": 6.9,\n \"vector\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N\"\n },\n \"cwe\": {\n \"id\": 770,\n \"name\": \"Allocation of Resources Without Limits or Throttling\"\n },\n \"capec\": {\n \"id\": null,\n \"name\": null\n },\n \"references\": [\n \"https://github.com/openclaw/openclaw/security/advisories/GHSA-m6fx-m8hc-572m\",\n \"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31\"\n ],\n \"ghsa\": \"GHSA-m6fx-m8hc-572m\",\n \"version_info\": {\n \"affected\": \"<= 2026.3.28\",\n \"fixed\": \"2026.3.31\"\n }\n }\n ],\n \"pagination\": {\n \"current_page\": 1,\n \"per_page\": 25,\n \"total\": 6115,\n \"total_pages\": 245,\n \"has_next_page\": true,\n \"has_previous_page\": false,\n \"from\": 1,\n \"to\": 25,\n \"next_page\": 2,\n \"previous_page\": null\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "name": "Missing or invalid `PSKey` header.", "originalRequest": { "url": { "path": [ "latest" ], "host": [ "{{baseUrl}}" ], "query": [ { "key": "platform", "value": "wordpress" }, { "key": "page", "value": "1" }, { "key": "per_page", "value": "100" }, { "key": "cursor", "value": "string" }, { "key": "include", "value": "details" } ], "variable": [] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "text/plain" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" }, { "name": "API key not authorised for the requested endpoint.", "originalRequest": { "url": { "path": [ "latest" ], "host": [ "{{baseUrl}}" ], "query": [ { "key": "platform", "value": "wordpress" }, { "key": "page", "value": "1" }, { "key": "per_page", "value": "100" }, { "key": "cursor", "value": "string" }, { "key": "include", "value": "details" } ], "variable": [] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "text/plain" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" }, { "name": "Invalid parameter combination (e.g. `cursor` + `page`), invalid `platform`, or `per_page > 500`.", "originalRequest": { "url": { "path": [ "latest" ], "host": [ "{{baseUrl}}" ], "query": [ { "key": "platform", "value": "wordpress" }, { "key": "page", "value": "1" }, { "key": "per_page", "value": "100" }, { "key": "cursor", "value": "string" }, { "key": "include", "value": "details" } ], "variable": [] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" } ], "method": "GET", "body": {} }, "status": "Unprocessable Entity (WebDAV) (RFC 4918)", "code": 422, "header": [ { "key": "Content-Type", "value": "text/plain" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" }, { "name": "Rate limit exceeded.", "originalRequest": { "url": { "path": [ "latest" ], "host": [ "{{baseUrl}}" ], "query": [ { "key": "platform", "value": "wordpress" }, { "key": "page", "value": "1" }, { "key": "per_page", "value": "100" }, { "key": "cursor", "value": "string" }, { "key": "include", "value": "details" } ], "variable": [] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" } ], "method": "GET", "body": {} }, "status": "Too Many Requests", "code": 429, "header": [ { "key": "Content-Type", "value": "text/plain" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "name": "product/{type}/{name}/{version}", "item": [ { "name": "Find vulnerabilities for a product", "request": { "name": "Find vulnerabilities for a product", "description": { "content": "Match a specific product + version against the vulnerability database\nand return every applicable advisory.\n\nnpm package slugs that include a `/` (e.g. `@scope/pkg`) conflict with\nthe route separator. URL-encode the `/` as `%2F`.\n", "type": "text/plain" }, "url": { "path": [ "product", ":type", ":name", ":version" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "key": "include", "value": "details", "description": "Pass `details` to include the full advisory body (`advisory_details`) per item." } ], "variable": [ { "disabled": false, "type": "any", "value": "npm", "key": "type", "description": "(Required) Product ecosystem." }, { "disabled": false, "type": "any", "value": "axios", "key": "name", "description": "(Required) npm package slug or WordPress plugin/theme slug. Use `wordpress` when `type=wordpress`." }, { "disabled": false, "type": "any", "value": "0.21.4", "key": "version", "description": "(Required) Concrete version (e.g. `0.21.4`) or `*` to return every advisory for the product." } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "auth": null }, "response": [ { "name": "Matched advisories (possibly empty).", "originalRequest": { "url": { "path": [ "product", ":type", ":name", ":version" ], "host": [ "{{baseUrl}}" ], "query": [ { "key": "include", "value": "details" } ], "variable": [ { "disabled": false, "type": "any", "value": "npm", "key": "type", "description": "(Required) Product ecosystem." }, { "disabled": false, "type": "any", "value": "axios", "key": "name", "description": "(Required) npm package slug or WordPress plugin/theme slug. Use `wordpress` when `type=wordpress`." }, { "disabled": false, "type": "any", "value": "0.21.4", "key": "version", "description": "(Required) Concrete version (e.g. `0.21.4`) or `*` to return every advisory for the product." } ] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" }, { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"vulnerabilities\": [\n {\n \"id\": 46500,\n \"title\": \"NPM: OpenClaw: ...\",\n \"disclosed_at\": \"2026-04-03T03:15:56+00:00\",\n \"created_at\": \"2026-04-21T08:38:34+00:00\",\n \"url\": \"https://patchstack.com/database/npm/npm/openclaw/vulnerability/...\",\n \"vuln_type\": \"Other Vulnerability Type\",\n \"cve\": \"2026-41331\",\n \"is_exploited\": false,\n \"patch_priority\": 2,\n \"advisory_details\": \"## Summary\\n...\",\n \"product\": {\n \"id\": 23595,\n \"name\": \"openclaw\",\n \"slug\": \"openclaw\"\n },\n \"cvss\": {\n \"score\": 6.9,\n \"vector\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N\"\n },\n \"cwe\": {\n \"id\": 770,\n \"name\": \"Allocation of Resources Without Limits or Throttling\"\n },\n \"capec\": {\n \"id\": null,\n \"name\": null\n },\n \"references\": [\n \"https://github.com/openclaw/openclaw/security/advisories/GHSA-m6fx-m8hc-572m\",\n \"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31\"\n ],\n \"ghsa\": \"GHSA-m6fx-m8hc-572m\",\n \"version_info\": {\n \"affected\": \"<= 2026.3.28\",\n \"fixed\": \"2026.3.31\"\n }\n },\n {\n \"id\": 46500,\n \"title\": \"NPM: OpenClaw: ...\",\n \"disclosed_at\": \"2026-04-03T03:15:56+00:00\",\n \"created_at\": \"2026-04-21T08:38:34+00:00\",\n \"url\": \"https://patchstack.com/database/npm/npm/openclaw/vulnerability/...\",\n \"vuln_type\": \"Other Vulnerability Type\",\n \"cve\": \"2026-41331\",\n \"is_exploited\": false,\n \"patch_priority\": 2,\n \"advisory_details\": \"## Summary\\n...\",\n \"product\": {\n \"id\": 23595,\n \"name\": \"openclaw\",\n \"slug\": \"openclaw\"\n },\n \"cvss\": {\n \"score\": 6.9,\n \"vector\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N\"\n },\n \"cwe\": {\n \"id\": 770,\n \"name\": \"Allocation of Resources Without Limits or Throttling\"\n },\n \"capec\": {\n \"id\": null,\n \"name\": null\n },\n \"references\": [\n \"https://github.com/openclaw/openclaw/security/advisories/GHSA-m6fx-m8hc-572m\",\n \"https://github.com/openclaw/openclaw/releases/tag/v2026.3.31\"\n ],\n \"ghsa\": \"GHSA-m6fx-m8hc-572m\",\n \"version_info\": {\n \"affected\": \"<= 2026.3.28\",\n \"fixed\": \"2026.3.31\"\n }\n }\n ]\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "name": "Missing or invalid `PSKey` header.", "originalRequest": { "url": { "path": [ "product", ":type", ":name", ":version" ], "host": [ "{{baseUrl}}" ], "query": [ { "key": "include", "value": "details" } ], "variable": [ { "disabled": false, "type": "any", "value": "npm", "key": "type", "description": "(Required) Product ecosystem." }, { "disabled": false, "type": "any", "value": "axios", "key": "name", "description": "(Required) npm package slug or WordPress plugin/theme slug. Use `wordpress` when `type=wordpress`." }, { "disabled": false, "type": "any", "value": "0.21.4", "key": "version", "description": "(Required) Concrete version (e.g. `0.21.4`) or `*` to return every advisory for the product." } ] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "text/plain" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" }, { "name": "API key not authorised for the requested endpoint.", "originalRequest": { "url": { "path": [ "product", ":type", ":name", ":version" ], "host": [ "{{baseUrl}}" ], "query": [ { "key": "include", "value": "details" } ], "variable": [ { "disabled": false, "type": "any", "value": "npm", "key": "type", "description": "(Required) Product ecosystem." }, { "disabled": false, "type": "any", "value": "axios", "key": "name", "description": "(Required) npm package slug or WordPress plugin/theme slug. Use `wordpress` when `type=wordpress`." }, { "disabled": false, "type": "any", "value": "0.21.4", "key": "version", "description": "(Required) Concrete version (e.g. `0.21.4`) or `*` to return every advisory for the product." } ] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "text/plain" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" }, { "name": "Invalid parameter combination (e.g. `cursor` + `page`), invalid `platform`, or `per_page > 500`.", "originalRequest": { "url": { "path": [ "product", ":type", ":name", ":version" ], "host": [ "{{baseUrl}}" ], "query": [ { "key": "include", "value": "details" } ], "variable": [ { "disabled": false, "type": "any", "value": "npm", "key": "type", "description": "(Required) Product ecosystem." }, { "disabled": false, "type": "any", "value": "axios", "key": "name", "description": "(Required) npm package slug or WordPress plugin/theme slug. Use `wordpress` when `type=wordpress`." }, { "disabled": false, "type": "any", "value": "0.21.4", "key": "version", "description": "(Required) Concrete version (e.g. `0.21.4`) or `*` to return every advisory for the product." } ] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" } ], "method": "GET", "body": {} }, "status": "Unprocessable Entity (WebDAV) (RFC 4918)", "code": 422, "header": [ { "key": "Content-Type", "value": "text/plain" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" }, { "name": "Rate limit exceeded.", "originalRequest": { "url": { "path": [ "product", ":type", ":name", ":version" ], "host": [ "{{baseUrl}}" ], "query": [ { "key": "include", "value": "details" } ], "variable": [ { "disabled": false, "type": "any", "value": "npm", "key": "type", "description": "(Required) Product ecosystem." }, { "disabled": false, "type": "any", "value": "axios", "key": "name", "description": "(Required) npm package slug or WordPress plugin/theme slug. Use `wordpress` when `type=wordpress`." }, { "disabled": false, "type": "any", "value": "0.21.4", "key": "version", "description": "(Required) Concrete version (e.g. `0.21.4`) or `*` to return every advisory for the product." } ] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" } ], "method": "GET", "body": {} }, "status": "Too Many Requests", "code": 429, "header": [ { "key": "Content-Type", "value": "text/plain" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "name": "Boolean exists check for a product", "request": { "name": "Boolean exists check for a product", "description": { "content": "Boolean-only variant of the product lookup. Returns `{ \"vulnerable\": true }`\nor `{ \"vulnerable\": false }` without the advisory payload — useful for\nlightweight health checks and dashboard tiles where the advisory body\nisn't needed.\n", "type": "text/plain" }, "url": { "path": [ "product", ":type", ":name", ":version", "exists" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "type": "any", "value": "npm", "key": "type", "description": "(Required) Product ecosystem." }, { "disabled": false, "type": "any", "value": "axios", "key": "name", "description": "(Required) npm package slug or WordPress plugin/theme slug. Use `wordpress` when `type=wordpress`." }, { "disabled": false, "type": "any", "value": "0.21.4", "key": "version", "description": "(Required) Concrete version (e.g. `0.21.4`) or `*` to return every advisory for the product." } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "auth": null }, "response": [ { "name": "Boolean result.", "originalRequest": { "url": { "path": [ "product", ":type", ":name", ":version", "exists" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "type": "any", "value": "npm", "key": "type", "description": "(Required) Product ecosystem." }, { "disabled": false, "type": "any", "value": "axios", "key": "name", "description": "(Required) npm package slug or WordPress plugin/theme slug. Use `wordpress` when `type=wordpress`." }, { "disabled": false, "type": "any", "value": "0.21.4", "key": "version", "description": "(Required) Concrete version (e.g. `0.21.4`) or `*` to return every advisory for the product." } ] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" }, { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"vulnerable\": true\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "name": "Missing or invalid `PSKey` header.", "originalRequest": { "url": { "path": [ "product", ":type", ":name", ":version", "exists" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "type": "any", "value": "npm", "key": "type", "description": "(Required) Product ecosystem." }, { "disabled": false, "type": "any", "value": "axios", "key": "name", "description": "(Required) npm package slug or WordPress plugin/theme slug. Use `wordpress` when `type=wordpress`." }, { "disabled": false, "type": "any", "value": "0.21.4", "key": "version", "description": "(Required) Concrete version (e.g. `0.21.4`) or `*` to return every advisory for the product." } ] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "text/plain" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" }, { "name": "API key not authorised for the requested endpoint.", "originalRequest": { "url": { "path": [ "product", ":type", ":name", ":version", "exists" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "type": "any", "value": "npm", "key": "type", "description": "(Required) Product ecosystem." }, { "disabled": false, "type": "any", "value": "axios", "key": "name", "description": "(Required) npm package slug or WordPress plugin/theme slug. Use `wordpress` when `type=wordpress`." }, { "disabled": false, "type": "any", "value": "0.21.4", "key": "version", "description": "(Required) Concrete version (e.g. `0.21.4`) or `*` to return every advisory for the product." } ] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "text/plain" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" }, { "name": "Rate limit exceeded.", "originalRequest": { "url": { "path": [ "product", ":type", ":name", ":version", "exists" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "type": "any", "value": "npm", "key": "type", "description": "(Required) Product ecosystem." }, { "disabled": false, "type": "any", "value": "axios", "key": "name", "description": "(Required) npm package slug or WordPress plugin/theme slug. Use `wordpress` when `type=wordpress`." }, { "disabled": false, "type": "any", "value": "0.21.4", "key": "version", "description": "(Required) Concrete version (e.g. `0.21.4`) or `*` to return every advisory for the product." } ] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" } ], "method": "GET", "body": {} }, "status": "Too Many Requests", "code": 429, "header": [ { "key": "Content-Type", "value": "text/plain" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ], "event": [] }, { "name": "Bulk product check", "request": { "name": "Bulk product check", "description": { "content": "Check up to 50 products in a single request. Mirrors the format\ndocumented for the Extended tier's `/batch` endpoint.\n\nThe payload is a raw JSON array (not wrapped in an object). Each item\nis `{ \"type\", \"name\", \"version\", \"exists\"? }` — when `exists: true`\nthe result for that item is boolean-only; otherwise it's the full\nadvisory list for the product.\n", "type": "text/plain" }, "url": { "path": [ "batch" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "method": "POST", "auth": null, "body": { "mode": "raw", "raw": "[\n {\n \"type\": \"npm\",\n \"name\": \"axios\",\n \"version\": \"0.21.4\",\n \"exists\": false\n },\n {\n \"type\": \"plugin\",\n \"name\": \"tutor\",\n \"version\": \"1.5.2\",\n \"exists\": true\n },\n {\n \"type\": \"wordpress\",\n \"name\": \"wordpress\",\n \"version\": \"6.0.0\",\n \"exists\": true\n }\n]", "options": { "raw": { "language": "json" } } } }, "response": [ { "name": "Per-item results, in request order.", "originalRequest": { "url": { "path": [ "batch" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" }, { "key": "Accept", "value": "application/json" } ], "method": "POST", "body": { "mode": "raw", "raw": "[\n {\n \"type\": \"npm\",\n \"name\": \"axios\",\n \"version\": \"0.21.4\",\n \"exists\": false\n },\n {\n \"type\": \"plugin\",\n \"name\": \"tutor\",\n \"version\": \"1.5.2\",\n \"exists\": true\n },\n {\n \"type\": \"wordpress\",\n \"name\": \"wordpress\",\n \"version\": \"6.0.0\",\n \"exists\": true\n }\n]", "options": { "raw": { "language": "json" } } } }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "[]", "cookie": [], "_postman_previewlanguage": "json" }, { "name": "Missing or invalid `PSKey` header.", "originalRequest": { "url": { "path": [ "batch" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" } ], "method": "POST", "body": { "mode": "raw", "raw": "[\n {\n \"type\": \"npm\",\n \"name\": \"axios\",\n \"version\": \"0.21.4\",\n \"exists\": false\n },\n {\n \"type\": \"plugin\",\n \"name\": \"tutor\",\n \"version\": \"1.5.2\",\n \"exists\": true\n },\n {\n \"type\": \"wordpress\",\n \"name\": \"wordpress\",\n \"version\": \"6.0.0\",\n \"exists\": true\n }\n]", "options": { "raw": { "language": "json" } } } }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "text/plain" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" }, { "name": "API key not authorised for the requested endpoint.", "originalRequest": { "url": { "path": [ "batch" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" } ], "method": "POST", "body": { "mode": "raw", "raw": "[\n {\n \"type\": \"npm\",\n \"name\": \"axios\",\n \"version\": \"0.21.4\",\n \"exists\": false\n },\n {\n \"type\": \"plugin\",\n \"name\": \"tutor\",\n \"version\": \"1.5.2\",\n \"exists\": true\n },\n {\n \"type\": \"wordpress\",\n \"name\": \"wordpress\",\n \"version\": \"6.0.0\",\n \"exists\": true\n }\n]", "options": { "raw": { "language": "json" } } } }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "text/plain" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" }, { "name": "Invalid parameter combination (e.g. `cursor` + `page`), invalid `platform`, or `per_page > 500`.", "originalRequest": { "url": { "path": [ "batch" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" } ], "method": "POST", "body": { "mode": "raw", "raw": "[\n {\n \"type\": \"npm\",\n \"name\": \"axios\",\n \"version\": \"0.21.4\",\n \"exists\": false\n },\n {\n \"type\": \"plugin\",\n \"name\": \"tutor\",\n \"version\": \"1.5.2\",\n \"exists\": true\n },\n {\n \"type\": \"wordpress\",\n \"name\": \"wordpress\",\n \"version\": \"6.0.0\",\n \"exists\": true\n }\n]", "options": { "raw": { "language": "json" } } } }, "status": "Unprocessable Entity (WebDAV) (RFC 4918)", "code": 422, "header": [ { "key": "Content-Type", "value": "text/plain" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" }, { "name": "Rate limit exceeded.", "originalRequest": { "url": { "path": [ "batch" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "PSKey", "value": "" } ], "method": "POST", "body": { "mode": "raw", "raw": "[\n {\n \"type\": \"npm\",\n \"name\": \"axios\",\n \"version\": \"0.21.4\",\n \"exists\": false\n },\n {\n \"type\": \"plugin\",\n \"name\": \"tutor\",\n \"version\": \"1.5.2\",\n \"exists\": true\n },\n {\n \"type\": \"wordpress\",\n \"name\": \"wordpress\",\n \"version\": \"6.0.0\",\n \"exists\": true\n }\n]", "options": { "raw": { "language": "json" } } } }, "status": "Too Many Requests", "code": 429, "header": [ { "key": "Content-Type", "value": "text/plain" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ], "event": [], "variable": [ { "type": "string", "value": "https://patchstack.com/database/api/beta", "key": "baseUrl" } ], "auth": { "type": "apikey", "apikey": [ { "key": "key", "value": "PSKey" }, { "key": "value", "value": "{{apiKey}}" }, { "key": "in", "value": "header" } ] }, "info": { "name": "Patchstack Threat Intelligence API — Beta", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", "description": { "content": "The Beta endpoints live alongside the v2 API and add npm coverage, an optional\nfull advisory body, a consistent nested response shape, and cursor pagination.\nThey are the recommended endpoints for new integrations; v2 remains available\nfor backwards compatibility.\n\n## Authentication\n\nEvery request must include your API key in the `PSKey` HTTP request header.\nRequest a key via .\n\n## Platforms\n\nPass `?platform=npm` (or `?platform=wordpress` — the default) on list\nendpoints. Platform names are case-insensitive.\n\n## Pagination\n\n`/all` and `/latest` support two independent strategies, selected by which\nquery parameter you pass:\n\n- **Offset** (`?page=&per_page=`) — returns totals; easy to jump to a\n specific page; susceptible to row-shift when new rows land while paging.\n- **Cursor** (`?cursor=`) — stable under concurrent inserts, faster at\n depth, no `total` count. Bootstrap with an empty value: `?cursor=`.\n\n`cursor` and `page` are mutually exclusive; passing both returns `422`.\n\n## Including full advisory bodies\n\nPass `?include=details` on any list endpoint to add an `advisory_details`\nmarkdown field to each item.\n\n## Scoped npm packages\n\nnpm package slugs that include a `/` (e.g. `@scope/pkg`) conflict with the\nroute separator. URL-encode the `/` as `%2F`.\n\n## Rate limiting\n\nSame policy as the Extended Threat Intelligence API. Contact\n if you need an elevated quota.\n\n## Errors\n\n| Status | Meaning |\n|---|---|\n| `401` | Missing or invalid `PSKey` header. |\n| `403` | API key not authorised for the requested endpoint. |\n| `422` | Invalid parameter combination or value (e.g. `cursor` + `page`, invalid `platform`, `per_page > 500`). |\n| `429` | Rate limit exceeded. |\n| `500` | Server error — include the request id in any bug report. |\n\nA malformed cursor returns `200` with an empty page rather than an error:\n\n```json\n{ \"vulnerabilities\": [], \"cursor\": { \"next_cursor\": null, \"has_more\": false, \"per_page\": 100 } }\n```\n\n## Related pages\n\n- Narrative guide with code samples: [Beta tier API](/api-solutions/threat-intelligence-api/beta/)\n- OpenAPI spec (import into Postman / Insomnia / Bruno / Hoppscotch): \n- Postman collection (pre-imported): \n\nIntegration questions: .\n\n\nContact Support:\n Name: Patchstack\n Email: dave.jong@patchstack.com", "type": "text/plain" } } }