Skip to main content
GET
/
v2
/
vulnerabilities
/
component
Get vulnerability information for a single software component.
curl --request GET \
  --url http://api.scanoss.com/v2/vulnerabilities/component
{
  "component": {
    "purl": "pkg:github/scanoss/engine",
    "requirement": "=>1.0.0",
    "version": "1.0.0",
    "vulnerabilities": [
      {
        "id": "CVE-1999-0214",
        "cve": "CVE-1999-0214",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-1999-0214",
        "summary": "Denial of service by sending forged ICMP unreachable packets",
        "severity": "High",
        "published": "1992-07-21",
        "modified": "2025-04-02",
        "source": "NVD",
        "cvss": [
          {
            "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "cvss_score": 7.5,
            "cvss_severity": "High"
          }
        ],
        "epss": {
          "probability": 0.00483,
          "percentile": 0.64405
        }
      }
    ]
  },
  "status": {
    "status": "SUCCESS",
    "message": "Vulnerabilities Successfully retrieved"
  }
}

Query Parameters

purl
string
required

Package URL identifying the component to analyze.

requirement
string

Version constraint for component resolution when PURL lacks explicit version.

Response

A successful response.

Success example. For error cases, the component block reports the processing status via info_message and info_code. Example: {"component":{"purl":"pkg:github/unknown/component","requirement":"","version":"","vulnerabilities":[],"info_message":"Component not found in database","info_code":"COMPONENT_NOT_FOUND"},"status":{"status":"SUCCESS","message":"Request processed"}}

component
object

Vulnerability information for a specific component identified by PURL and version.

Contains comprehensive vulnerability details including CVE information, severity scores, and security metadata for software components.

status
object

Detailed response details.