{"openapi":"3.1.0","info":{"title":"CSIRTS.com Security Advisory API","version":"1.0.0","description":"Free, no-key, CORS-enabled API over the CSIRTS.com unified security advisory feed: official advisories from 24 national CERTs, vendor PSIRTs and vulnerability databases, normalized to one schema, translated to English, severity-rated and flagged against the CISA KEV catalog. Please cite https://www.csirts.com and the original publishing source.","contact":{"url":"https://www.csirts.com/about"}},"servers":[{"url":"https://www.csirts.com"}],"paths":{"/api/advisories":{"get":{"operationId":"listAdvisories","summary":"Search and filter security advisories","description":"Newest-first advisories, 50 per page. All filters combine with AND. Responses are cached for 5 minutes.","parameters":[{"name":"q","in":"query","schema":{"type":"string"},"description":"Full-text search in advisory titles","example":"ivanti"},{"name":"source","in":"query","schema":{"type":"string"},"description":"Source id (see /sources), e.g. cisa, cert-eu, nvd","example":"cisa"},{"name":"severity","in":"query","schema":{"type":"string","enum":["critical","high","medium","low","unknown"]}},{"name":"cve","in":"query","schema":{"type":"string","pattern":"^CVE-\\d{4}-\\d{4,7}$"},"description":"Only advisories referencing this CVE","example":"CVE-2026-45659"},{"name":"exploited","in":"query","schema":{"type":"string","enum":["1"]},"description":"Set to 1 for CISA-KEV-listed (actively exploited) only"},{"name":"has_exploit","in":"query","schema":{"type":"string","enum":["1"]},"description":"Set to 1 for advisories with public exploit/PoC code available only"},{"name":"since","in":"query","schema":{"type":"string","format":"date"},"description":"Published on/after this date (ISO 8601)","example":"2026-06-01"},{"name":"page","in":"query","schema":{"type":"integer","minimum":1,"default":1}}],"responses":{"200":{"description":"Matching advisories","content":{"application/json":{"schema":{"type":"object","properties":{"total":{"type":"integer","description":"Total matches across all pages"},"page":{"type":"integer"},"count":{"type":"integer","description":"Advisories in this page"},"advisories":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"uuid","description":"Internal advisory id"},"num":{"type":"integer","description":"Short advisory number used in canonical URLs (/advisory/<slug>-<num>)"},"source_id":{"type":"string","description":"Source identifier, e.g. cisa, cert-eu, cccs, jpcert (see /sources)"},"external_id":{"type":"string","description":"Identifier at the publishing source"},"title":{"type":"string","description":"Advisory title (machine-translated to English when needed)"},"summary":{"type":["string","null"],"description":"Plain-text summary/body extract"},"link":{"type":"string","format":"uri","description":"Original advisory URL at the publishing source"},"severity":{"type":"string","enum":["critical","high","medium","low","unknown"]},"cvss":{"type":["number","null"],"description":"CVSS base score when known"},"cves":{"type":"array","items":{"type":"string"},"description":"CVE ids referenced by the advisory"},"exploited":{"type":"boolean","description":"True when any referenced CVE is in the CISA KEV catalog"},"has_exploit":{"type":"boolean","description":"True when public exploit/PoC code exists for a referenced CVE (Exploit-DB, Metasploit, nuclei-templates or GitHub PoC)"},"published_at":{"type":["string","null"],"format":"date-time"}}}}}}}}}}}},"/rss":{"get":{"operationId":"advisoryFeed","summary":"RSS 2.0 / Atom 1.0 advisory feed","description":"Same filters as /api/advisories plus per-product and per-vendor feeds. Defaults to curated sources (excludes the raw NVD firehose unless source=nvd or all=1). Human-readable directory of every feed: /feeds.","parameters":[{"name":"q","in":"query","schema":{"type":"string"},"description":"Full-text search in advisory titles","example":"ivanti"},{"name":"source","in":"query","schema":{"type":"string"},"description":"Source id (see /sources), e.g. cisa, cert-eu, nvd","example":"cisa"},{"name":"severity","in":"query","schema":{"type":"string","enum":["critical","high","medium","low","unknown"]}},{"name":"cve","in":"query","schema":{"type":"string","pattern":"^CVE-\\d{4}-\\d{4,7}$"},"description":"Only advisories referencing this CVE","example":"CVE-2026-45659"},{"name":"exploited","in":"query","schema":{"type":"string","enum":["1"]},"description":"Set to 1 for CISA-KEV-listed (actively exploited) only"},{"name":"has_exploit","in":"query","schema":{"type":"string","enum":["1"]},"description":"Set to 1 for advisories with public exploit/PoC code available only"},{"name":"product","in":"query","schema":{"type":"string"},"description":"Product slug from /products, e.g. sharepoint-server"},{"name":"vendor","in":"query","schema":{"type":"string"},"description":"Vendor slug from /products, e.g. microsoft"},{"name":"all","in":"query","schema":{"type":"string","enum":["1"]},"description":"Include the raw NVD CVE firehose"},{"name":"format","in":"query","schema":{"type":"string","enum":["atom"]},"description":"Emit Atom 1.0 instead of RSS 2.0"}],"responses":{"200":{"description":"Feed XML","content":{"application/rss+xml":{},"application/atom+xml":{}}}}}}}}