Join us in London for Infosecurity Europe June 2 – 4, 2026 | Booth C69 | Excel London | Get a FREE ticket
Components
Encryption
Dependencies
Geoprovenance
Licenses
Scanning
Semgrep
Vulnerabilities
- GETGet vulnerability information for a single software component.
- POSTGet vulnerability information for multiple software components in a single request.
- GETGet CPEs (Common Platform Enumeration) associated with a single software component.
- POSTGet CPEs (Common Platform Enumeration) associated with multiple software components.
- POSTReturns the same message that was sent, used for health checks and connectivity testing
curl --request GET \
--url http://api.scanoss.com/v2/vulnerabilities/component{
"component": {
"purl": "pkg:github/scanoss/engine",
"requirement": "=>1.0.0",
"version": "1.0.0",
"vulnerabilities": [
{
"id": "CVE-1999-0214",
"cve": "CVE-1999-0214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1999-0214",
"summary": "Denial of service by sending forged ICMP unreachable packets",
"severity": "High",
"published": "1992-07-21",
"modified": "2025-04-02",
"source": "NVD",
"cvss": [
{
"cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cvss_score": 7.5,
"cvss_severity": "High"
}
],
"epss": {
"probability": 0.00483,
"percentile": 0.64405
}
}
]
},
"status": {
"status": "SUCCESS",
"message": "Vulnerabilities Successfully retrieved"
}
}Get vulnerability information for a single software component.
Analyzes the component and returns known vulnerabilities including CVE details, severity scores, publication dates, and other security metadata. Vulnerability data is sourced from various security databases and feeds.
curl --request GET \
--url http://api.scanoss.com/v2/vulnerabilities/component{
"component": {
"purl": "pkg:github/scanoss/engine",
"requirement": "=>1.0.0",
"version": "1.0.0",
"vulnerabilities": [
{
"id": "CVE-1999-0214",
"cve": "CVE-1999-0214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1999-0214",
"summary": "Denial of service by sending forged ICMP unreachable packets",
"severity": "High",
"published": "1992-07-21",
"modified": "2025-04-02",
"source": "NVD",
"cvss": [
{
"cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cvss_score": 7.5,
"cvss_severity": "High"
}
],
"epss": {
"probability": 0.00483,
"percentile": 0.64405
}
}
]
},
"status": {
"status": "SUCCESS",
"message": "Vulnerabilities Successfully retrieved"
}
}Documentation Index
Fetch the complete documentation index at: https://docs.scanoss.com/llms.txt
Use this file to discover all available pages before exploring further.
Query Parameters
Package URL identifying the component to analyze.
Version constraint for component resolution when PURL lacks explicit version.
Response
A successful response.
Success example. For error cases, the component block reports the processing status via info_message and info_code. Example: {"component":{"purl":"pkg:github/unknown/component","requirement":"","version":"","vulnerabilities":[],"info_message":"Component not found in database","info_code":"COMPONENT_NOT_FOUND"},"status":{"status":"SUCCESS","message":"Request processed"}}
Vulnerability information for a specific component identified by PURL and version.
Contains comprehensive vulnerability details including CVE information, severity scores, and security metadata for software components.
Show child attributes
Show child attributes
Detailed response details.
Show child attributes
Show child attributes