Skip to main content
GET
/
v2
/
vulnerabilities
/
component
Get vulnerability information for a single software component.
curl --request GET \
  --url http://api.scanoss.com/v2/vulnerabilities/component
{
  "component": {
    "purl": "pkg:github/scanoss/engine",
    "requirement": "=>1.0.0",
    "version": "1.0.0",
    "vulnerabilities": [
      {
        "id": "CVE-1999-0214",
        "cve": "CVE-1999-0214",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-1999-0214",
        "summary": "Denial of service by sending forged ICMP unreachable packets",
        "severity": "High",
        "published": "1992-07-21",
        "modified": "2025-04-02",
        "source": "NVD",
        "cvss": [
          {
            "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "cvss_score": 7.5,
            "cvss_severity": "High"
          }
        ],
        "epss": {
          "probability": 0.00483,
          "percentile": 0.64405
        }
      }
    ]
  },
  "status": {
    "status": "SUCCESS",
    "message": "Vulnerabilities Successfully retrieved"
  }
}

Documentation Index

Fetch the complete documentation index at: https://docs.scanoss.com/llms.txt

Use this file to discover all available pages before exploring further.

Query Parameters

purl
string
required

Package URL identifying the component to analyze.

requirement
string

Version constraint for component resolution when PURL lacks explicit version.

Response

A successful response.

Success example. For error cases, the component block reports the processing status via info_message and info_code. Example: {"component":{"purl":"pkg:github/unknown/component","requirement":"","version":"","vulnerabilities":[],"info_message":"Component not found in database","info_code":"COMPONENT_NOT_FOUND"},"status":{"status":"SUCCESS","message":"Request processed"}}

component
object

Vulnerability information for a specific component identified by PURL and version.

Contains comprehensive vulnerability details including CVE information, severity scores, and security metadata for software components.

status
object

Detailed response details.