The CVE Crowd API allows you to integrate data from CVE Crowd into your application or business. CVE Crowd lists CVEs that are currently being discussed on the Fediverse. It can be used as a source of threat intelligence for your organization, or simply to keep up with the latest vulnerability news.

To understand how the API works, it is helpful to have a basic understanding of CVE Crowd's structure and design.

CVE Crowd displays recently mentioned CVEs in columns. Each column contains information about a single CVE. The title of the column shows the CVE ID. Just below that is additional information, such as the affected vendor and product, the dates the CVE was published and updated, and a CVSS vector associated with the vulnerability.

Next is the graph of mentions over the last 24 hours. This shows how many posts in the Fediverse contain the CVE ID. It also shows the number of interactions with those posts, which is the sum of favorites and reblogs across all posts. The graph is followed by the official description of the CVE, and finally all posts that mentioned the CVE.


CVE Crowd sorts CVE columns and the particular posts by their weights. Some API responses also contain these weights, so it is worth mentioning how they are calculated:

A post's weight is calculated as (100 + reblogs * 10 + favorites) * old_post_penalty

The old_post_penalty is 0.5 if the post is older than 12 hours and 1 otherwise. This way, newer posts are more prominent than older ones.

The weight of a CVE column is generally the sum of the weights of all posts. However, if the same user has multiple posts with the same CVE ID, only the post with the highest weight is considered. This is a countermeasure against the scenario where a single user accidentally or intentionally spams many posts with the same CVE number, which would make that CVE appear prominently on CVE Crowd.

User Exclusive CVEs

CVE Crowd also limits the number of User Exclusive CVEs. These are CVE columns that contain posts from only one account. Currently, the limit is set to five. This means that if a user mentions six different CVEs that no one else has mentioned, only five of those CVEs will be listed. This is to prevent simple spamming attempts and also to ensure that power users do not take up the entire page.

The API currently does not have this restriction.

So if you find that the number of CVE IDs returned by the API is greater than the number of columns on CVE Crowd, this may be the reason.

API Integration


The CVE Crowd API specification follows OpenAPI Specification 3.0.3.

You can download it here: CVE Crowd API.yaml

You can also use the interactive SwaggerUI to explore and test API calls. Note that this still requires an API key.


The CVE Crowd API is a simple REST API. It is based upon HTTP(S). The HTTP body, if present, is a JSON formatted document with UTF-8 encoded content. A simple request-response pair is shown below as an example:


GET /api/v1/cves?days=1 HTTP/1.1
Authorization: Bearer e1166f68-ce2e-48d2-94dd-06ac6b1bcacb


HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 14 Mar 2024 20:00:06 GMT
Content-Type: application/json
Content-Length: 67
Connection: keep-alive
Vary: Accept
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Cross-Origin-Opener-Policy: same-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains


Standard HTTP status codes are used to indicate successful and erroneous responses.

API Keys

Each API request must pass an API key in the Authorization HTTP header using the Bearer authentication scheme. Consider the above request as an example. Once you signed-up, you can create API keys in self-service on this portal.

Post's Content

There is no real-time redaction on content of posts. We take no responsibility for the content of posts and cannot guarantee that it is appropriate.

Posts are HTML-formatted and JSON-escaped to preserve links and formatting. The API relies on Mastodon's filtering and escaping mechanisms. However, if you are embedding posts into your application, their content should be considered malicious, as if they were cross-site scripting payloads or similar.


This section contains examples of how to use the API.

Account URL List

The following code retrieves a list of the URLs of accounts that have mentioned a particular CVE ID in a given timeframe.
import requests # pip install requests

# API Key from the CVE Crowd API
API_KEY = 'e1166f68-ce2e-48d2-94dd-06ac6b1bcacb'

# The CVE ID for which you are requesting information
CVE_ID = 'CVE-2024-3094'

# Number of days from today to search for CVE mentions back in time
DAYS = 3

if __name__ == '__main__':
	headers = {'Authorization':'Bearer {}'.format(API_KEY)}
	response = requests.get(f'{CVE_ID}/posts?days={DAYS}', headers=headers)
	json = response.json()
	accounts = set()
	for post in json:

	for account in sorted(accounts):