Join us in London for Infosecurity Europe June 2 – 4, 2026 | Booth C69 | Excel London | Get a FREE ticket
Components
Encryption
Dependencies
Geoprovenance
Licenses
Scanning
Semgrep
Vulnerabilities
- GETGet vulnerability information for a single software component.
- POSTGet vulnerability information for multiple software components in a single request.
- GETGet CPEs (Common Platform Enumeration) associated with a single software component.
- POSTGet CPEs (Common Platform Enumeration) associated with multiple software components.
- POSTReturns the same message that was sent, used for health checks and connectivity testing
curl --request POST \
--url http://api.scanoss.com/v2/vulnerabilities/components \
--header 'Content-Type: application/json' \
--data '
{
"components": [
{
"purl": "pkg:github/scanoss/engine@1.0.0"
},
{
"purl": "pkg:github/scanoss/scanoss.py@v1.30.0"
}
]
}
'{
"components": [
{
"purl": "pkg:github/scanoss/engine",
"requirement": "1.0.0",
"version": "1.0.0",
"vulnerabilities": [
{
"id": "CVE-1999-0214",
"cve": "CVE-1999-0214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1999-0214",
"summary": "Denial of service by sending forged ICMP unreachable packets",
"severity": "High",
"published": "1992-07-21",
"modified": "2025-04-02",
"source": "NVD",
"cvss": [
{
"cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cvss_score": 7.5,
"cvss_severity": "High"
}
],
"epss": {
"probability": 0.00483,
"percentile": 0.64405
}
}
]
},
{
"purl": "pkg:github/scanoss/scanoss.py",
"requirement": "v1.30.0",
"version": "v1.30.0",
"vulnerabilities": [
{
"id": "CVE-2024-54321",
"cve": "CVE-2024-54321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54321",
"summary": "Denial of service vulnerability",
"severity": "Medium",
"published": "2024-01-15",
"modified": "2024-02-01",
"source": "NDV",
"cvss": [
{
"cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"cvss_score": 4.3,
"cvss_severity": "Medium"
}
],
"epss": {
"probability": 0.0012,
"percentile": 0.3162
}
}
]
}
],
"status": {
"status": "SUCCESS",
"message": "Vulnerabilities Successfully retrieved"
}
}Get vulnerability information for multiple software components in a single request.
Analyzes multiple components and returns known vulnerabilities for each including CVE details, severity scores, publication dates, and other security metadata. Vulnerability data is sourced from various security databases and feeds.
curl --request POST \
--url http://api.scanoss.com/v2/vulnerabilities/components \
--header 'Content-Type: application/json' \
--data '
{
"components": [
{
"purl": "pkg:github/scanoss/engine@1.0.0"
},
{
"purl": "pkg:github/scanoss/scanoss.py@v1.30.0"
}
]
}
'{
"components": [
{
"purl": "pkg:github/scanoss/engine",
"requirement": "1.0.0",
"version": "1.0.0",
"vulnerabilities": [
{
"id": "CVE-1999-0214",
"cve": "CVE-1999-0214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1999-0214",
"summary": "Denial of service by sending forged ICMP unreachable packets",
"severity": "High",
"published": "1992-07-21",
"modified": "2025-04-02",
"source": "NVD",
"cvss": [
{
"cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cvss_score": 7.5,
"cvss_severity": "High"
}
],
"epss": {
"probability": 0.00483,
"percentile": 0.64405
}
}
]
},
{
"purl": "pkg:github/scanoss/scanoss.py",
"requirement": "v1.30.0",
"version": "v1.30.0",
"vulnerabilities": [
{
"id": "CVE-2024-54321",
"cve": "CVE-2024-54321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54321",
"summary": "Denial of service vulnerability",
"severity": "Medium",
"published": "2024-01-15",
"modified": "2024-02-01",
"source": "NDV",
"cvss": [
{
"cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"cvss_score": 4.3,
"cvss_severity": "Medium"
}
],
"epss": {
"probability": 0.0012,
"percentile": 0.3162
}
}
]
}
],
"status": {
"status": "SUCCESS",
"message": "Vulnerabilities Successfully retrieved"
}
}Documentation Index
Fetch the complete documentation index at: https://docs.scanoss.com/llms.txt
Use this file to discover all available pages before exploring further.
Body
Represents a list of software component to be analyzed by SCANOSS API services. Allows analysis of multiple software components in a single API call, improving performance over individual requests.
Represents a list of software component to be analyzed by SCANOSS API services. Allows analysis of multiple software components in a single API call, improving performance over individual requests.
Show child attributes
Show child attributes
Response
A successful response.
Success example. For error cases, each component block reports the processing status via info_message and info_code. Example: {"components":[{"purl":"pkg:github/scanoss/engine","requirement":"1.0.0","version":"1.0.0","vulnerabilities":[{"id":"CVE-1999-0214","cve":"CVE-1999-0214"}]},{"purl":"pkg:github/unknown/component","requirement":"","version":"","vulnerabilities":[],"info_message":"Component not found in database","info_code":"COMPONENT_NOT_FOUND"}],"status":{"status":"SUCCESS","message":"Request processed"}}