# CVE Vulnerability Lookup (NIST NVD) (`automation-lab/cve-vulnerability-lookup`) Actor
Query the NIST NVD for CVE details — lookup by CVE ID, keyword, or CPE product. Returns CVSS scores, descriptions, CWE IDs, affected software, and patch links. No API key required.
- **URL**: https://apify.com/automation-lab/cve-vulnerability-lookup.md
- **Developed by:** [Stas Persiianenko](https://apify.com/automation-lab) (community)
- **Categories:** Developer tools
- **Stats:** 2 total users, 1 monthly users, 100.0% runs succeeded, NaN bookmarks
- **User rating**: No ratings yet
## Pricing
Pay per event
This Actor is paid per event. You are not charged for the Apify platform usage, but only a fixed price for specific events.
Since this Actor supports Apify Store discounts, the price gets lower the higher subscription plan you have.
Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-event
## What's an Apify Actor?
Actors are a software tools running on the Apify platform, for all kinds of web data extraction and automation use cases.
In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours,
and optionally produces a well-defined JSON output, datasets with results, or files in key-value store.
In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server.
Actors are written with capital "A".
## How to integrate an Actor?
If asked about integration, you help developers integrate Actors into their projects.
You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready.
The best way to integrate Actors is as follows.
In JavaScript/TypeScript projects, use official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md):
```bash
npm install apify-client
```
In Python projects, use official [Python client library](https://docs.apify.com/api/client/python.md):
```bash
pip install apify-client
```
In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md):
````bash
# MacOS / Linux
curl -fsSL https://apify.com/install-cli.sh | bash
# Windows
irm https://apify.com/install-cli.ps1 | iex
```bash
In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md).
If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md).
For usage examples, see the [API](#api) section below.
For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt).
# README
## CVE Vulnerability Lookup (NIST NVD)
Query the **NIST National Vulnerability Database (NVD)** for CVE vulnerability details — no API key required, no proxy needed. Look up by CVE ID, keyword, or CPE product name. Export severity scores, descriptions, affected versions, CWE weakness classifications, and patch links to JSON, CSV, or Excel.
Try it free on Apify: [CVE Vulnerability Lookup](https://apify.com/automation-lab/cve-vulnerability-lookup)
---
### What does CVE Vulnerability Lookup do?
CVE Vulnerability Lookup queries the official [NIST NVD API](https://nvd.nist.gov/developers/vulnerabilities) (completely free and public) to retrieve structured vulnerability data for any CVE identifier.
You can look up **specific CVE IDs** (like CVE-2021-44228 Log4Shell), run a **keyword search** across all NVD records (e.g., "apache struts remote code execution"), or search by **CPE product name** to find all vulnerabilities for a specific software version.
Each result includes CVSSv3/v2 scores and severity, full English descriptions, CWE weakness IDs, a deduplicated list of patch/fix URLs, and the direct NVD link. Pure HTTP — no browser, no proxy, no login.
---
### Who is CVE Vulnerability Lookup for?
**Security engineers and DevSecOps teams**
- Automate vulnerability triage: pull CVE details for your dependency SBOMs via API
- Integrate NVD data into your internal SIEM, ticketing, or patch management workflows
- Schedule daily pulls to catch newly published CVEs for your tech stack
**Penetration testers and red teams**
- Quickly enumerate all known CVEs for a specific CPE product and version
- Export critical/high severity CVEs for a target technology to JSON or CSV
- Feed CVE data into your pentest reporting automation
**CTI (Cyber Threat Intelligence) analysts**
- Monitor CVE publication rates and severity trends for vendor products
- Build CVE feeds for threat intel platforms (Splunk, Elastic, OpenCTI)
- Extract CWE patterns across vulnerability classes for trend analysis
**Compliance and audit teams**
- Verify patch status for specific CVE IDs mentioned in audit findings
- Bulk-query CVEs by keyword to produce evidence for compliance reports
- Export CVSS scores for risk scoring worksheets
---
### Why use CVE Vulnerability Lookup?
- ✅ **Free public API** — NIST NVD is completely free, no API key or account needed
- ✅ **No proxy required** — pure HTTP with zero browser overhead
- ✅ **Three lookup modes** — by CVE ID, keyword search, or CPE product name
- ✅ **Structured output** — CVSS v3.1/v3.0/v2, CWE IDs, affected products, patch URLs
- ✅ **Severity filtering** — filter results to only return HIGH or CRITICAL CVEs
- ✅ **Date range support** — filter by CVE publication date
- ✅ **Batch CVE lookup** — provide up to thousands of CVE IDs in one run
- ✅ **Apify platform advantages** — export to JSON/CSV/Excel, schedule runs, API access, Zapier/Make integration, webhook triggers
---
### What data can you extract?
| Field | Description |
|-------|-------------|
| 🔑 `cveId` | CVE identifier (e.g. CVE-2021-44228) |
| 📅 `publishedDate` | Date CVE was first published to NVD |
| 🔄 `lastModifiedDate` | Date of last NVD update |
| 📊 `vulnStatus` | NVD analysis status (Analyzed, Modified, etc.) |
| ⚠️ `cvssV3Score` | CVSS v3.x base score (0.0–10.0) |
| 🎯 `cvssV3Severity` | CVSS v3.x severity label (CRITICAL/HIGH/MEDIUM/LOW) |
| 🔢 `cvssV3Vector` | Full CVSS v3 vector string |
| ⚠️ `cvssV2Score` | CVSS v2 base score (fallback for older CVEs) |
| 🎯 `cvssV2Severity` | CVSS v2 severity label |
| 📝 `description` | Full English vulnerability description |
| 🛡️ `cweIds` | CWE weakness classification IDs (e.g. CWE-20) |
| 📦 `affectedProducts` | Vulnerable vendor/product pairs from CPE configurations |
| 🔗 `patchLinks` | Patch, fix, and vendor advisory URLs |
| 🔢 `referenceCount` | Total number of NVD references |
| 🌐 `nvdUrl` | Direct link to the NVD vulnerability detail page |
---
### How much does it cost to look up CVE vulnerabilities?
This Actor uses **pay-per-event** pricing — you pay only for what you fetch.
No monthly subscription. All platform costs are **included**.
| | Free | Starter ($29/mo) | Scale ($199/mo) | Business ($999/mo) |
|---|---|---|---|---|
| **Per CVE** | $0.0023 | $0.002 | $0.00156 | $0.0012 |
| **100 CVEs** | $0.23 | $0.20 | $0.156 | $0.12 |
| **1,000 CVEs** | $2.30 | $2.00 | $1.56 | $1.20 |
Plus a one-time start fee of $0.005 (Free) / $0.00475 (Starter) per run.
Higher-tier plans get additional volume discounts.
**Real-world cost examples:**
| Use case | CVEs | Duration | Cost (Free tier) |
|---|---|---|---|
| Lookup 3 specific CVE IDs | 3 | ~5s | ~$0.01 |
| Keyword search for 20 CVEs | 20 | ~15s | ~$0.05 |
| CPE scan — 100 CVEs for a product | 100 | ~70s | ~$0.23 |
| Full SBOM triage — 500 CVEs | 500 | ~6 min | ~$1.15 |
Free plan users get $5 in monthly credits — enough for ~2,000 CVE lookups at no charge.
---
### How to look up CVE vulnerabilities
1. Open the [CVE Vulnerability Lookup actor page](https://apify.com/automation-lab/cve-vulnerability-lookup)
2. Click **Try for free** — no credit card needed for the first run
3. Choose your lookup mode:
- **CVE IDs**: Enter specific CVE identifiers like `CVE-2021-44228`
- **Keyword search**: Enter terms like `log4j remote code execution`
- **CPE name**: Enter a CPE 2.3 string like `cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*`
4. Set filters (optional): minimum severity (LOW/MEDIUM/HIGH/CRITICAL), date range
5. Click **Start** and wait for results (most runs complete in seconds to minutes)
6. Export to JSON, CSV, or Excel from the **Dataset** tab
**Input example — specific CVE IDs:**
```json
{
"cveIds": ["CVE-2021-44228", "CVE-2023-23397", "CVE-2021-34527"]
}
````
**Input example — keyword search with severity filter:**
```json
{
"keywordSearch": "apache struts remote code execution",
"maxResults": 50,
"minSeverity": "HIGH"
}
```
**Input example — CPE product scan:**
```json
{
"cpeName": "cpe:2.3:a:microsoft:exchange_server:2019:*:*:*:*:*:*:*",
"maxResults": 100
}
```
***
### Input parameters
| Parameter | Type | Required | Default | Description |
|-----------|------|----------|---------|-------------|
| `cveIds` | string\[] | No | — | Specific CVE IDs to look up (takes priority over keyword/CPE) |
| `keywordSearch` | string | No | — | Keyword search across NVD descriptions and metadata |
| `cpeName` | string | No | — | CPE 2.3 name to find all associated CVEs |
| `maxResults` | integer | No | 20 | Maximum CVEs to return (keyword/CPE modes); max 2000 |
| `minSeverity` | string | No | — | Minimum CVSS severity: LOW, MEDIUM, HIGH, or CRITICAL |
| `publishedAfter` | string | No | — | ISO 8601 date (YYYY-MM-DD) — only CVEs published after this |
| `publishedBefore` | string | No | — | ISO 8601 date (YYYY-MM-DD) — only CVEs published before this |
**Priority:** CVE IDs → keyword search → CPE name. Only the first non-empty input mode is used.
***
### Output example
```json
{
"cveId": "CVE-2021-44228",
"publishedDate": "2021-12-10",
"lastModifiedDate": "2026-02-20",
"vulnStatus": "Analyzed",
"cvssV3Score": 10,
"cvssV3Severity": "CRITICAL",
"cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"cvssV2Score": 9.3,
"cvssV2Severity": "HIGH",
"cvssV2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"description": "Apache Log4j2 2.0-beta9 through 2.15.0 ... JNDI features ... arbitrary code execution ...",
"cweIds": ["CWE-20", "CWE-400", "CWE-502", "CWE-917"],
"affectedProducts": ["apache/log4j", "siemens/capital", "oracle/weblogic_server"],
"patchLinks": [
"https://logging.apache.org/log4j/2.x/security.html",
"https://msrc-blog.microsoft.com/2021/12/11/..."
],
"referenceCount": 103,
"nvdUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
}
```
***
### Tips for best results
- 🎯 **Start with CVE IDs for known vulnerabilities** — fastest mode, one API call per CVE
- 🔍 **Use keyword search for discovery** — NVD full-text search across all CVE descriptions
- 📦 **CPE mode is ideal for SBOM triage** — find every CVE for `vendor/product/version`
- ⚠️ **Filter by severity** — set `minSeverity: "HIGH"` to reduce noise for risk management
- 📅 **Use date filters for recency** — set `publishedAfter: "2024-01-01"` for recent CVEs only
- 💡 **Start small** — try 20 results first to verify your query returns what you expect
- 🔄 **Schedule for monitoring** — schedule a daily run with `keywordSearch` or `cpeName` to catch new CVEs for your products
- 🐢 **NVD rate limits without API key**: ~5 requests/30 seconds. For bulk lookups of 1000+ CVEs, runs take a few minutes — this is normal
***
### Integrations
**CVE Vulnerability Lookup → Google Sheets (vulnerability tracking)**
Export your CVE dataset to Google Sheets using the Apify Google Sheets integration. Keep a live spreadsheet of all critical CVEs for your dependency stack, updated automatically each day.
**CVE Vulnerability Lookup → Slack/PagerDuty (alerting)**
Use Apify webhooks to trigger a Slack message or PagerDuty alert when new CRITICAL CVEs are found for your products. Set up a scheduled daily run with `publishedAfter: yesterday` to catch new CVEs within 24 hours.
**CVE Vulnerability Lookup → JIRA/GitHub Issues (patch tracking)**
Pipe CVE results into Make.com or Zapier to auto-create JIRA tickets or GitHub issues for each HIGH/CRITICAL CVE found in your SBOM. Link the `nvdUrl` in the ticket for direct NVD reference.
**CVE Vulnerability Lookup → Elastic/Splunk SIEM**
Use the Apify API to pull CVE data on a schedule and feed it into your SIEM index. Join with your asset inventory to produce "at-risk host" reports.
**CVE Vulnerability Lookup → Excel for compliance reports**
Export to Excel directly from the Apify dataset page. Pre-filter by `minSeverity: CRITICAL` to generate a focused finding list for PCI-DSS or SOC 2 auditors.
***
### Using the Apify API
You can trigger CVE lookups programmatically from any language using the Apify API.
#### Node.js
```javascript
import { ApifyClient } from 'apify-client';
const client = new ApifyClient({ token: 'YOUR_APIFY_TOKEN' });
const run = await client.actor('automation-lab/cve-vulnerability-lookup').call({
cveIds: ['CVE-2021-44228', 'CVE-2023-23397'],
});
const { items } = await client.dataset(run.defaultDatasetId).listItems();
console.log(items);
```
#### Python
```python
from apify_client import ApifyClient
client = ApifyClient('YOUR_APIFY_TOKEN')
run = client.actor('automation-lab/cve-vulnerability-lookup').call(run_input={
'keywordSearch': 'microsoft exchange remote code execution',
'maxResults': 50,
'minSeverity': 'HIGH',
})
for item in client.dataset(run['defaultDatasetId']).iterate_items():
print(item['cveId'], item['cvssV3Severity'], item['description'][:80])
```
#### cURL
```bash
curl -X POST \
"https://api.apify.com/v2/acts/automation-lab~cve-vulnerability-lookup/runs" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_APIFY_TOKEN" \
-d '{
"cpeName": "cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*",
"maxResults": 100
}'
```
***
### Use with AI agents via MCP
CVE Vulnerability Lookup is available as a tool for AI assistants that support the [Model Context Protocol (MCP)](https://docs.apify.com/platform/integrations/mcp).
Add the Apify MCP server to your AI client — this gives you access to all Apify actors, including this one:
#### Setup for Claude Code
```bash
claude mcp add --transport http apify "https://mcp.apify.com?tools=automation-lab/cve-vulnerability-lookup"
```
#### Setup for Claude Desktop, Cursor, or VS Code
Add this to your MCP config file:
```json
{
"mcpServers": {
"apify": {
"url": "https://mcp.apify.com?tools=automation-lab/cve-vulnerability-lookup"
}
}
}
```
Your AI assistant will use OAuth to authenticate with your Apify account on first use.
#### Example prompts
Once connected, try asking your AI assistant:
- "Use automation-lab/cve-vulnerability-lookup to look up CVE-2021-44228, CVE-2023-23397, and CVE-2021-34527 and tell me their CVSS scores and patch links"
- "Search for critical vulnerabilities in Apache Struts published in 2023 and summarize the top 5 by severity"
- "Find all CVEs for cpe:2.3:a:microsoft:exchange\_server:2019:*:*:*:*:*:*:\* with HIGH or CRITICAL severity"
Learn more in the [Apify MCP documentation](https://docs.apify.com/platform/integrations/mcp).
***
### Is it legal to query the NVD API?
Yes. The NIST NVD is a **publicly funded, freely accessible database** maintained by the US government. The NVD API has no terms restricting automated queries — in fact, it's designed and published specifically for automated tools and integrations.
This actor only reads public vulnerability data that NIST explicitly makes available for programmatic access. No login, no scraping of private data, no circumvention of security measures.
As with all data collection, use the data responsibly:
- Do not use CVE data to target systems you don't have permission to test
- Be aware of applicable laws (CFAA, Computer Misuse Act, etc.) in your jurisdiction
- The NVD data is in the public domain — redistribution is permitted with proper attribution to NIST
***
### FAQ
**How fast does it run?**
CVE ID lookups are very fast — typically 3–5 seconds for 10 CVEs. Keyword and CPE searches that return 100+ results may take 2–4 minutes due to NVD's free-tier rate limit of ~5 API requests per 30 seconds. There is no delay if you provide a NVD API key (not currently supported — file a feature request if needed).
**How much does it cost to look up CVEs?**
Very cheap. Looking up 3 CVE IDs costs about $0.01 on the free tier. A batch of 500 CVEs costs about $1.15. You can look up roughly 2,000 CVEs with the free $5 monthly credit.
**Is this different from the official NVD API?**
The official NVD API returns raw JSON with nested structures that require significant parsing. This actor normalizes the output into flat, analysis-ready records — CVSS scores, severity, CWE IDs, and deduplicated patch links are all pre-extracted. You also get the Apify platform benefits: scheduling, export formats (CSV/Excel/JSON), API access, Zapier/Make integration, and webhooks.
**Why are some CVEs missing a CVSSv3 score?**
Older CVEs (pre-2015) were scored only with CVSSv2. NVD began applying CVSSv3 scoring retroactively but hasn't scored every historical CVE. When CVSSv3 is absent, check `cvssV2Score` and `cvssV2Severity` instead.
**Why does a CVE lookup return fewer results than expected?**
A few reasons: the CVE ID may be misspelled (the format must be `CVE-YYYY-NNNNN`), the CVE may not yet be in NVD (MITRE assigns IDs before NVD analysis), or the `minSeverity` filter may be excluding some results. Remove the `minSeverity` filter and check the `vulnStatus` field — CVEs in "Awaiting Analysis" status may have no CVSS score yet.
**Does this work for CVEs published today?**
Yes — NVD updates continuously. CVEs may appear in NVD within hours to days of being assigned. Very new CVEs may show `vulnStatus: "Received"` with no CVSS score until NVD completes analysis.
**Can I look up thousands of CVEs at once?**
Yes — provide a large `cveIds` array or use `maxResults: 2000` with a keyword/CPE search. Large runs may take 10–20 minutes due to NVD rate limits. Schedule them overnight for best results.
***
### Other security and developer tools
- [SSL Certificate Checker](https://apify.com/automation-lab/ssl-certificate-checker) — validate SSL/TLS certificates for any domain
- [DNS Record Checker](https://apify.com/automation-lab/dns-record-checker) — query A, MX, TXT, CNAME, and other DNS records
- [DMARC Record Checker](https://apify.com/automation-lab/dmarc-record-checker) — validate DMARC email authentication policies
- [Broken Link Checker](https://apify.com/automation-lab/broken-link-checker) — find 404s and broken links across any website
- [HTTP Status Checker](https://apify.com/automation-lab/http-status-checker) — bulk check HTTP response codes for URL lists
- [JSON Schema Generator](https://apify.com/automation-lab/json-schema-generator) — generate JSON Schema from JSON examples
- [Color Contrast Checker](https://apify.com/automation-lab/color-contrast-checker) — validate WCAG 2.1 color accessibility compliance
# Actor input Schema
## `cveIds` (type: `array`):
List of specific CVE IDs to look up (e.g. CVE-2021-44228, CVE-2023-23397). Leave empty to use keyword or CPE search instead.
## `keywordSearch` (type: `string`):
Search CVEs by keyword (e.g. log4j remote code execution, apache struts). Used only when no CVE IDs are provided.
## `cpeName` (type: `string`):
Filter CVEs by CPE 2.3 name (e.g. cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:\*). Used only when no CVE IDs or keyword are provided.
## `maxResults` (type: `integer`):
Maximum number of CVE records to return. Applies to keyword and CPE searches. Max 2000.
## `minSeverity` (type: `string`):
Only return CVEs at or above this CVSS v3 severity level.
## `publishedAfter` (type: `string`):
Only return CVEs published on or after this date (ISO 8601, e.g. 2023-01-01). Note: Due to NVD API limitations, date filters are not applied when keyword search or CPE name is provided — they work only as standalone filters.
## `publishedBefore` (type: `string`):
Only return CVEs published on or before this date (ISO 8601, e.g. 2023-12-31). Note: Due to NVD API limitations, date filters are not applied when keyword search or CPE name is provided — they work only as standalone filters.
## Actor input object example
```json
{
"cveIds": [
"CVE-2021-44228",
"CVE-2023-23397",
"CVE-2021-34527"
],
"maxResults": 20,
"minSeverity": ""
}
```
# Actor output Schema
## `overview` (type: `string`):
No description
# API
You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup.
## JavaScript example
```javascript
import { ApifyClient } from 'apify-client';
// Initialize the ApifyClient with your Apify API token
// Replace the '' with your token
const client = new ApifyClient({
token: '',
});
// Prepare Actor input
const input = {
"cveIds": [
"CVE-2021-44228",
"CVE-2023-23397",
"CVE-2021-34527"
],
"keywordSearch": "",
"cpeName": "",
"maxResults": 20,
"publishedAfter": "",
"publishedBefore": ""
};
// Run the Actor and wait for it to finish
const run = await client.actor("automation-lab/cve-vulnerability-lookup").call(input);
// Fetch and print Actor results from the run's dataset (if any)
console.log('Results from dataset');
console.log(`💾 Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`);
const { items } = await client.dataset(run.defaultDatasetId).listItems();
items.forEach((item) => {
console.dir(item);
});
// 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/js/docs
```
## Python example
```python
from apify_client import ApifyClient
# Initialize the ApifyClient with your Apify API token
# Replace '' with your token.
client = ApifyClient("")
# Prepare the Actor input
run_input = {
"cveIds": [
"CVE-2021-44228",
"CVE-2023-23397",
"CVE-2021-34527",
],
"keywordSearch": "",
"cpeName": "",
"maxResults": 20,
"publishedAfter": "",
"publishedBefore": "",
}
# Run the Actor and wait for it to finish
run = client.actor("automation-lab/cve-vulnerability-lookup").call(run_input=run_input)
# Fetch and print Actor results from the run's dataset (if there are any)
print("💾 Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"])
for item in client.dataset(run["defaultDatasetId"]).iterate_items():
print(item)
# 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/python/docs/quick-start
```
## CLI example
```bash
echo '{
"cveIds": [
"CVE-2021-44228",
"CVE-2023-23397",
"CVE-2021-34527"
],
"keywordSearch": "",
"cpeName": "",
"maxResults": 20,
"publishedAfter": "",
"publishedBefore": ""
}' |
apify call automation-lab/cve-vulnerability-lookup --silent --output-dataset
```
## MCP server setup
```json
{
"mcpServers": {
"apify": {
"command": "npx",
"args": [
"mcp-remote",
"https://mcp.apify.com/?tools=automation-lab/cve-vulnerability-lookup",
"--header",
"Authorization: Bearer "
]
}
}
}
```
## OpenAPI specification
```json
{
"openapi": "3.0.1",
"info": {
"title": "CVE Vulnerability Lookup (NIST NVD)",
"description": "Query the NIST NVD for CVE details — lookup by CVE ID, keyword, or CPE product. Returns CVSS scores, descriptions, CWE IDs, affected software, and patch links. No API key required.",
"version": "0.1",
"x-build-id": "pva57iq9AlpqaVtIS"
},
"servers": [
{
"url": "https://api.apify.com/v2"
}
],
"paths": {
"/acts/automation-lab~cve-vulnerability-lookup/run-sync-get-dataset-items": {
"post": {
"operationId": "run-sync-get-dataset-items-automation-lab-cve-vulnerability-lookup",
"x-openai-isConsequential": false,
"summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.",
"tags": [
"Run Actor"
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/inputSchema"
}
}
}
},
"parameters": [
{
"name": "token",
"in": "query",
"required": true,
"schema": {
"type": "string"
},
"description": "Enter your Apify token here"
}
],
"responses": {
"200": {
"description": "OK"
}
}
}
},
"/acts/automation-lab~cve-vulnerability-lookup/runs": {
"post": {
"operationId": "runs-sync-automation-lab-cve-vulnerability-lookup",
"x-openai-isConsequential": false,
"summary": "Executes an Actor and returns information about the initiated run in response.",
"tags": [
"Run Actor"
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/inputSchema"
}
}
}
},
"parameters": [
{
"name": "token",
"in": "query",
"required": true,
"schema": {
"type": "string"
},
"description": "Enter your Apify token here"
}
],
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/runsResponseSchema"
}
}
}
}
}
}
},
"/acts/automation-lab~cve-vulnerability-lookup/run-sync": {
"post": {
"operationId": "run-sync-automation-lab-cve-vulnerability-lookup",
"x-openai-isConsequential": false,
"summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.",
"tags": [
"Run Actor"
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/inputSchema"
}
}
}
},
"parameters": [
{
"name": "token",
"in": "query",
"required": true,
"schema": {
"type": "string"
},
"description": "Enter your Apify token here"
}
],
"responses": {
"200": {
"description": "OK"
}
}
}
}
},
"components": {
"schemas": {
"inputSchema": {
"type": "object",
"properties": {
"cveIds": {
"title": "🔍 CVE IDs",
"type": "array",
"description": "List of specific CVE IDs to look up (e.g. CVE-2021-44228, CVE-2023-23397). Leave empty to use keyword or CPE search instead.",
"items": {
"type": "string"
}
},
"keywordSearch": {
"title": "💬 Keyword search",
"type": "string",
"description": "Search CVEs by keyword (e.g. log4j remote code execution, apache struts). Used only when no CVE IDs are provided."
},
"cpeName": {
"title": "📦 CPE product name",
"type": "string",
"description": "Filter CVEs by CPE 2.3 name (e.g. cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*). Used only when no CVE IDs or keyword are provided."
},
"maxResults": {
"title": "📊 Max results",
"minimum": 1,
"maximum": 2000,
"type": "integer",
"description": "Maximum number of CVE records to return. Applies to keyword and CPE searches. Max 2000.",
"default": 20
},
"minSeverity": {
"title": "⚠️ Minimum severity",
"enum": [
"",
"LOW",
"MEDIUM",
"HIGH",
"CRITICAL"
],
"type": "string",
"description": "Only return CVEs at or above this CVSS v3 severity level.",
"default": ""
},
"publishedAfter": {
"title": "📅 Published after",
"pattern": "^(\\d{4}-\\d{2}-\\d{2})?$",
"type": "string",
"description": "Only return CVEs published on or after this date (ISO 8601, e.g. 2023-01-01). Note: Due to NVD API limitations, date filters are not applied when keyword search or CPE name is provided — they work only as standalone filters."
},
"publishedBefore": {
"title": "📅 Published before",
"pattern": "^(\\d{4}-\\d{2}-\\d{2})?$",
"type": "string",
"description": "Only return CVEs published on or before this date (ISO 8601, e.g. 2023-12-31). Note: Due to NVD API limitations, date filters are not applied when keyword search or CPE name is provided — they work only as standalone filters."
}
}
},
"runsResponseSchema": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"actId": {
"type": "string"
},
"userId": {
"type": "string"
},
"startedAt": {
"type": "string",
"format": "date-time",
"example": "2025-01-08T00:00:00.000Z"
},
"finishedAt": {
"type": "string",
"format": "date-time",
"example": "2025-01-08T00:00:00.000Z"
},
"status": {
"type": "string",
"example": "READY"
},
"meta": {
"type": "object",
"properties": {
"origin": {
"type": "string",
"example": "API"
},
"userAgent": {
"type": "string"
}
}
},
"stats": {
"type": "object",
"properties": {
"inputBodyLen": {
"type": "integer",
"example": 2000
},
"rebootCount": {
"type": "integer",
"example": 0
},
"restartCount": {
"type": "integer",
"example": 0
},
"resurrectCount": {
"type": "integer",
"example": 0
},
"computeUnits": {
"type": "integer",
"example": 0
}
}
},
"options": {
"type": "object",
"properties": {
"build": {
"type": "string",
"example": "latest"
},
"timeoutSecs": {
"type": "integer",
"example": 300
},
"memoryMbytes": {
"type": "integer",
"example": 1024
},
"diskMbytes": {
"type": "integer",
"example": 2048
}
}
},
"buildId": {
"type": "string"
},
"defaultKeyValueStoreId": {
"type": "string"
},
"defaultDatasetId": {
"type": "string"
},
"defaultRequestQueueId": {
"type": "string"
},
"buildNumber": {
"type": "string",
"example": "1.0.0"
},
"containerUrl": {
"type": "string"
},
"usage": {
"type": "object",
"properties": {
"ACTOR_COMPUTE_UNITS": {
"type": "integer",
"example": 0
},
"DATASET_READS": {
"type": "integer",
"example": 0
},
"DATASET_WRITES": {
"type": "integer",
"example": 0
},
"KEY_VALUE_STORE_READS": {
"type": "integer",
"example": 0
},
"KEY_VALUE_STORE_WRITES": {
"type": "integer",
"example": 1
},
"KEY_VALUE_STORE_LISTS": {
"type": "integer",
"example": 0
},
"REQUEST_QUEUE_READS": {
"type": "integer",
"example": 0
},
"REQUEST_QUEUE_WRITES": {
"type": "integer",
"example": 0
},
"DATA_TRANSFER_INTERNAL_GBYTES": {
"type": "integer",
"example": 0
},
"DATA_TRANSFER_EXTERNAL_GBYTES": {
"type": "integer",
"example": 0
},
"PROXY_RESIDENTIAL_TRANSFER_GBYTES": {
"type": "integer",
"example": 0
},
"PROXY_SERPS": {
"type": "integer",
"example": 0
}
}
},
"usageTotalUsd": {
"type": "number",
"example": 0.00005
},
"usageUsd": {
"type": "object",
"properties": {
"ACTOR_COMPUTE_UNITS": {
"type": "integer",
"example": 0
},
"DATASET_READS": {
"type": "integer",
"example": 0
},
"DATASET_WRITES": {
"type": "integer",
"example": 0
},
"KEY_VALUE_STORE_READS": {
"type": "integer",
"example": 0
},
"KEY_VALUE_STORE_WRITES": {
"type": "number",
"example": 0.00005
},
"KEY_VALUE_STORE_LISTS": {
"type": "integer",
"example": 0
},
"REQUEST_QUEUE_READS": {
"type": "integer",
"example": 0
},
"REQUEST_QUEUE_WRITES": {
"type": "integer",
"example": 0
},
"DATA_TRANSFER_INTERNAL_GBYTES": {
"type": "integer",
"example": 0
},
"DATA_TRANSFER_EXTERNAL_GBYTES": {
"type": "integer",
"example": 0
},
"PROXY_RESIDENTIAL_TRANSFER_GBYTES": {
"type": "integer",
"example": 0
},
"PROXY_SERPS": {
"type": "integer",
"example": 0
}
}
}
}
}
}
}
}
}
}
```