The purpose of this document is to provide information about the API functionality of the Patchstack vulnerability database.
The base URL of the API is https://patchstack.com/database/api/v2
All responses are in the JSON format. For performance reasons, responses are cached until we update the database after which the appropriate caches are cleared.
An API key is required. This API key should be present in the PSKey HTTP request header.
Description: Retrieve the latest 20 vulnerabilities which have been added to the database. Endpoint: /latest Method: GET
Description: Retrieve vulnerabilities of a specific plugin, theme or WordPress core version. Endpoint: /product/TYPE/NAME/VERSION/EXISTS? Method: GET
TYPE = theme, plugin, wordpress NAME = Slug of the theme, slug of the plugin, or “wordpress” in case TYPE is set to wordpress VERSION = Version to check for vulnerabilities EXISTS = Optional flag that will not return all vulnerabilities but only a boolean response whether or not there are vulnerabilities. This flag being present results in a faster response.
Description: Retrieve vulnerabilities in bulk of a number of plugins, themes or WordPress versions. Endpoint: /batch Method: POST Payload: Raw JSON payload, same format as the individual vulnerability endpoint. This payload should contain no more than 50 objects.