Tenable CVE Scraper API - Documentation

Introduction

The Tenable CVE Scraper API provides programmatic access to Common Vulnerabilities and Exposures (CVE) data scraped from Tenable's vulnerability database. This API allows you to retrieve the latest vulnerabilities, search for specific CVEs, and access detailed vulnerability information.

Base URL

http://127.0.0.1:5000

All API endpoints are relative to this base URL.

Authentication

No authentication required

This API is currently open and does not require authentication tokens or API keys.

API Endpoints

GET /api/cve

Retrieves a list of the most recent CVEs from Tenable's main page.

Response Structure

count	integer	Total number of CVEs returned
cves	array	Array of CVE objects

CVE Object Fields

id	string	CVE identifier
description	string	Brief vulnerability description
details_url	string	API endpoint for full details

GET /api/cve/last

Fetches the most recently published CVE with complete details. This endpoint automatically retrieves the first CVE from the latest list and returns its full information.

Response Fields

id	string	CVE identifier
description	string	Detailed vulnerability description
dates	object	Publication and update timestamps
status	object	KEV and exploitation status
metrics	object	CVSS scores and EPSS data
links	object	External references and sources

GET /api/cve/{cve_id}

Retrieves comprehensive details for a specific CVE by its identifier.

Path Parameters

cve_id string Required. Format: CVE-YYYY-NNNNN

Format Requirement

The CVE ID must follow the standard format: CVE-YYYY-NNNNN where YYYY is the year and NNNNN is a numeric identifier.

Error Responses

400

Bad Request

Returned when the CVE ID format is invalid or malformed.

Expected format: CVE-YYYY-NNNNN

404

Not Found

Returned when the requested CVE does not exist in the Tenable database.

The CVE may not yet be published or the ID may be incorrect.

500

Internal Server Error

Returned when an unexpected error occurs on the server. This may indicate issues with the scraping service or Tenable's website.

Rate Limiting

No rate limits enforced

Currently, there are no rate limits on this API. However, please be respectful with your usage to avoid overloading the service.

{ "count": 25, "cves": [ { "id": "CVE-2025-XXXXX", "description": "Buffer overflow in XYZ software...", "details_url": "/api/cve/CVE-2025-XXXXX" }, { "id": "CVE-2025-YYYYY", "description": "SQL injection vulnerability...", "details_url": "/api/cve/CVE-2025-YYYYY" } ] }

{ "id": "CVE-2025-ZZZZZ", "description": "Detailed description for latest CVE...", "dates": { "published": "2025-10-26", "updated": "2025-10-26" }, "status": { "known_exploited_vulnerability_kev": true }, "metrics": { "cvss_v3": { "base_score": 9.8, "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/...", "severity": "Critical" }, "cvss_v2": null, "epss_score": 0.97123 }, "links": { "sources": [ { "name": "NVD", "url": "..." } ], "advisories": [ "..." ], "exploits_and_analysis": [], "references": [ "..." ] } }

{ "dates": { "published": null, "updated": null }, "description": "Heap-based buffer overflow in Windows GDI+...", "id": "CVE-2025-53766", "links": { "advisories": [ "https://msrc.microsoft.com/..." ], "exploits_and_analysis": [], "references": [ "https://www.helpnetsecurity.com/..." ], "sources": [ { "name": "Mitre", "url": "https://www.cve.org/..." }, { "name": "NVD", "url": "https://nvd.nist.gov/..." } ] }, "metrics": { "cvss_v2": null, "cvss_v3": null, "epss_score": null }, "status": { "known_exploited_vulnerability_kev": false } }