# CIRCL CVE Search Scraper (`parseforge/circl-cve-scraper`) Actor Scrape CVE vulnerability records from CIRCL CVE Search. Fetch the latest CVEs, look up by ID, browse vendor products, or list every CVE for a vendor/product. Returns CVSS, CWE, CPEs, references, CAPEC, and impact metrics. - **URL**: https://apify.com/parseforge/circl-cve-scraper.md - **Developed by:** [ParseForge](https://apify.com/parseforge) (community) - **Categories:** Developer tools, Business, Automation - **Stats:** 2 total users, 1 monthly users, 100.0% runs succeeded, NaN bookmarks - **User rating**: No ratings yet ## Pricing from $24.38 / 1,000 results This Actor is paid per event. You are not charged for the Apify platform usage, but only a fixed price for specific events. Since this Actor supports Apify Store discounts, the price gets lower the higher subscription plan you have. Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-event ## What's an Apify Actor? Actors are a software tools running on the Apify platform, for all kinds of web data extraction and automation use cases. In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours, and optionally produces a well-defined JSON output, datasets with results, or files in key-value store. In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server. Actors are written with capital "A". ## How to integrate an Actor? If asked about integration, you help developers integrate Actors into their projects. You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready. The best way to integrate Actors is as follows. In JavaScript/TypeScript projects, use official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md): ```bash npm install apify-client ``` In Python projects, use official [Python client library](https://docs.apify.com/api/client/python.md): ```bash pip install apify-client ``` In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md): ````bash # MacOS / Linux curl -fsSL https://apify.com/install-cli.sh | bash # Windows irm https://apify.com/install-cli.ps1 | iex ```bash In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md). If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md). For usage examples, see the [API](#api) section below. For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt). # README ![ParseForge Banner](https://github.com/ParseForge/apify-assets/blob/main/banners/banner-default.jpg?raw=true) ## 🔬 CIRCL CVE Scraper > 🚀 **Export the CIRCL Luxembourg CVE search catalogue in seconds.** Pull latest CVEs, single CVE detail, vendor and product browse, plus the full CWE catalogue and CAPEC pattern catalogue. No sign-up, no token, no manual pagination. > 🕒 **Last updated:** 2026-05-15 · **📊 24 fields** per record · **🔬 240,000+ CVEs** · **🏢 25,000+ vendors** · **🧬 1,000+ CWE entries · 600+ CAPEC patterns** The **CIRCL CVE Scraper** pulls vulnerabilities, weakness catalogues, and attack patterns from the CIRCL Luxembourg CVE search catalogue and returns **24 normalised fields per CVE record**, including the CVE identifier, summary, publication and modification timestamps, CVSS v4 / v3 / v2 base scores, CWE list, CAPEC patterns, references, vulnerable configurations, and provider metadata. The catalogue is maintained by the Computer Incident Response Center Luxembourg, a national CERT, and is one of the most widely used open mirrors of the global CVE list with extra cross-references that the upstream sources do not provide in a single place. The catalogue covers **240,000+ CVEs spanning every published year, 25,000+ vendor slugs, the full Common Weakness Enumeration list, and 600+ Common Attack Pattern Enumeration entries**. This Actor makes that data downloadable as CSV, Excel, JSON, or XML in minutes. Eight modes cover everything from latest-published feeds to vendor-product browse to CWE-CAPEC mapping. | 🎯 Target Audience | 💡 Primary Use Cases | |---|---| | Security teams, threat researchers, vulnerability managers, vendor risk analysts, DevSecOps engineers, security tool builders, ML researchers | Cross-reference CVE / CWE / CAPEC, vendor risk research, latest-CVE feeds, attack-pattern mapping, training datasets, complementing NVD with extra metadata | --- ### 📋 What the CIRCL CVE Scraper does Eight workflows in a single Actor: - 🆕 **Latest published CVEs.** Pull the N most recently published vulnerabilities. - 🆔 **Single CVE by ID.** Look up one CVE detail page (e.g. `CVE-2021-44228`). - 📦 **Batch CVE lookup.** Pass an array of CVE IDs and get every match in one run. - 🏢 **Browse vendor.** List every product known under a vendor slug like `apache` or `microsoft`. - 🔍 **Search vendor + product.** Return every CVE for a vendor / product pair (e.g. `apache` / `log4j`). - 🛢️ **DB info.** Get the last database update timestamp for cache invalidation. - 🧬 **CWE catalogue.** List every Common Weakness Enumeration entry. - 🎯 **CAPEC patterns for a CWE.** Map a CWE to its related CAPEC attack patterns. - 🏷️ **Vendors index.** List every vendor slug known to CIRCL. Each CVE record includes the identifier, summary, state, assigner CNA, publication and modification timestamps, CVSS v4 / v3 / v2 base scores and severities, CWE list, CAPEC patterns, references, vulnerable configurations, vulnerable products, impact and access metrics, and provider metadata. > 💡 **Why it matters:** the upstream CVE feeds are split across NVD, MITRE, and dozens of CNAs. CIRCL aggregates them with extra cross-references like CWE-to-CAPEC mapping that no single source exposes. Building your own cross-walk means engineering a multi-source pipeline. This Actor skips all of that. --- ### 🎬 Full Demo _🚧 Coming soon: a 3-minute walkthrough showing how to go from sign-up to a downloaded CVE dataset._ --- ### ⚙️ Input
InputTypeDefaultBehavior
modeenum"latest"One of latest, byId, browseVendor, searchProduct, dbInfo, cwe, capec, vendor.
cveIdstring""Single CVE ID for byId. Also used as the CWE numeric ID for capec mode.
cveIdsstring[][]Batch CVE IDs for byId mode (recommended max ~100 per run).
vendorstring""Lowercase vendor slug for browseVendor and searchProduct (e.g. apache, microsoft).
productstring""Lowercase product slug for searchProduct (e.g. log4j, tomcat).
countinteger100Number of latest CVEs to fetch in latest mode (max 1,000).
maxItemsinteger10Records to return. Free plan caps at 10, paid plan at 1,000,000.
**Example: latest 50 CVEs published.** ```json { "mode": "latest", "count": 50, "maxItems": 50 } ```` **Example: every CVE for Apache Log4j.** ```json { "mode": "searchProduct", "vendor": "apache", "product": "log4j", "maxItems": 100 } ``` > ⚠️ **Good to Know:** vendor and product slugs are lowercase and follow CIRCL conventions (e.g. `microsoft` / `windows_10`, not `Microsoft` / `Windows 10`). Use mode=vendor first to discover available slugs. *** ### 📊 Output Each CVE record contains **24 fields**. Download the dataset as CSV, Excel, JSON, or XML. #### 🧾 Schema | Field | Type | Example | |---|---|---| | 🆔 `cveId` | string | `"CVE-2021-44228"` | | 🔗 `url` | string | `"https://cve.circl.lu/cve/CVE-2021-44228"` | | 🏷️ `title` | string | null | `"Apache Log4j2 Remote Code Execution"` | | 📝 `summary` | string | null | `"Apache Log4j2 2.0-beta9 through 2.15.0..."` | | 🚦 `state` | string | null | `"PUBLISHED"` | | 🏢 `assigner` | string | null | `"GitHub_M"` | | 📅 `published` | ISO 8601 | null | `"2021-12-10T10:15:09Z"` | | 🕒 `modified` | ISO 8601 | null | `"2025-04-03T01:03:51Z"` | | 🕒 `last_modified` | ISO 8601 | null | `"2025-04-03T01:03:51Z"` | | 🎯 `cvss` | number | null | `10.0` | | 🎯 `cvss3` | number | null | `10.0` | | 🎯 `cvss4` | number | null | `10.0` | | 🚦 `severity` | string | null | `"CRITICAL"` | | 🧬 `cwe` | string\[] | `["CWE-20", "CWE-400", "CWE-502"]` | | 📚 `references` | string\[] | `["https://logging.apache.org/log4j/2.x/security.html", "..."]` | | 🧱 `vulnerable_configuration` | string\[] | `["cpe:2.3:a:apache:log4j:2.0:*:*:*:*:*:*:*"]` | | 📦 `vulnerable_product` | string\[] | `["cpe:2.3:a:apache:log4j:*"]` | | 🎯 `capec` | string\[] | `["CAPEC-242"]` | | 💥 `impact` | object | `{ "confidentiality": "HIGH", "integrity": "HIGH", "availability": "HIGH" }` | | 🔓 `access` | object | `{ "vector": "NETWORK", "complexity": "LOW", "authentication": "NONE" }` | | 📦 `affected` | object\[] | `[{ "vendor": "apache", "product": "log4j", "versions": [...] }]` | | 🎯 `metrics` | object\[] | `[{ "version": "3.1", "baseScore": 10.0, "baseSeverity": "CRITICAL" }]` | | 🛢️ `dataVersion` | string | null | `"5.1"` | | 🕒 `scrapedAt` | ISO 8601 | `"2026-05-15T00:00:00.000Z"` | #### 📦 Sample record
🔥 Log4Shell via CIRCL (CVE-2021-44228) ```json { "cveId": "CVE-2021-44228", "url": "https://cve.circl.lu/cve/CVE-2021-44228", "title": "Apache Log4j2 Remote Code Execution", "summary": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.", "state": "PUBLISHED", "assigner": "GitHub_M", "published": "2021-12-10T10:15:09Z", "modified": "2025-04-03T01:03:51Z", "cvss3": 10.0, "severity": "CRITICAL", "cwe": ["CWE-20", "CWE-400", "CWE-502", "CWE-917"], "references": [ "https://logging.apache.org/log4j/2.x/security.html", "https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance" ], "vulnerable_configuration": ["cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*"], "capec": ["CAPEC-242", "CAPEC-77"], "impact": { "confidentiality": "HIGH", "integrity": "HIGH", "availability": "HIGH" }, "access": { "vector": "NETWORK", "complexity": "LOW", "authentication": "NONE" }, "affected": [{ "vendor": "apache", "product": "log4j", "versions": [{ "version": "2.0", "lessThan": "2.3.2", "status": "affected" }] }], "metrics": [{ "version": "3.1", "baseScore": 10.0, "baseSeverity": "CRITICAL" }], "dataVersion": "5.1", "scrapedAt": "2026-05-15T00:00:00.000Z" } ```
*** ### ✨ Why choose this Actor | | Capability | |---|---| | 🔬 | **Authoritative source.** Pulls directly from the CIRCL Luxembourg CVE search catalogue, a national CERT-maintained mirror. | | 🎯 | **Multi-version CVSS.** v4, v3.1, v3.0, and v2 base scores plus vector strings, all normalised. | | 🧬 | **CWE + CAPEC.** Cross-walk a CVE to its weaknesses and from those to attack patterns. | | 🏢 | **Vendor + product browse.** Discover every product CIRCL knows for a vendor and every CVE for the pair. | | 🆕 | **Latest feed.** Daily-fresh list of the most recently published CVEs in one call. | | 🛢️ | **DB info.** Surface the last update timestamp for cache control. | | 🚫 | **No sign-up.** Works with public vulnerability data. No login or token needed. | > 📊 CIRCL aggregates CVE data with cross-references no single upstream source exposes. Owning a clean local copy is a multiplier for every research and prioritisation workflow. *** ### 📈 How it compares to alternatives | Approach | Cost | Coverage | Refresh | Modes | Setup | |---|---|---|---|---|---| | **⭐ CIRCL CVE Scraper** *(this Actor)* | $5 free credit, then pay-per-use | **240,000+ CVEs** | **Live per run** | 8 modes incl. CWE / CAPEC | ⚡ 2 min | | Commercial threat-intel platforms | $10,000+/year | Curated subset | Streaming | Many | ⏳ Days | | Direct upstream feeds | Free | Single source | Variable | Limited | 🛠️ Hours | | Self-built ingestion | Engineering time | Full | Custom | Custom | 🐢 Weeks | Pick this Actor when you want the CIRCL aggregate with vendor browse and CWE-CAPEC cross-walks ready to go. *** ### 🚀 How to use 1. 📝 **Sign up.** [Create a free account with $5 credit](https://console.apify.com/sign-up?fpr=vmoqkp) (takes 2 minutes). 2. 🌐 **Open the Actor.** Go to the CIRCL CVE Scraper page on the Apify Store. 3. 🎯 **Set input.** Pick a mode (latest / byId / vendor / product / cwe / capec), then set `maxItems`. 4. 🚀 **Run it.** Click **Start** and let the Actor collect your data. 5. 📥 **Download.** Grab your results in the **Dataset** tab as CSV, Excel, JSON, or XML. > ⏱️ Total time from signup to downloaded dataset: **3-5 minutes.** No coding required. *** ### 💼 Business use cases
#### 🛡️ Vulnerability Management - Daily ingestion of latest published CVEs - CWE-aware patch prioritisation queues - Vendor-product browse for asset-targeted CVE feeds - Cross-walk CVE / CWE / CAPEC for richer triage context #### 🔍 Threat Intelligence & Research - Map CVE waves against attack patterns via CAPEC - Build vendor risk scorecards based on CVE volume - Research datasets filtered by CWE family - Track CNA assigner activity and submission patterns
#### 🧬 Security Tooling - Build internal CWE catalogues with descriptions and links - Power CVE-to-CAPEC mapping in red-team reports - Drive vendor pickers in vulnerability dashboards - Replace bespoke MITRE / NVD scrapers with one feed #### 📊 Reporting & Compliance - Compliance evidence packs with CWE coverage - Vendor scorecards for procurement and supplier reviews - Customer-facing trust pages with CWE/CAPEC context - Quarterly threat-landscape reports
*** ### 🔌 Automating CIRCL CVE Scraper Control the scraper programmatically for scheduled runs and pipeline integrations: - 🟢 **Node.js.** Install the `apify-client` NPM package. - 🐍 **Python.** Use the `apify-client` PyPI package. - 📚 See the [Apify documentation](https://docs.apify.com/) for full details. The [Apify Schedules feature](https://docs.apify.com/platform/schedules) lets you trigger this Actor on any cron interval. Hourly, daily, or weekly refreshes keep your downstream vulnerability database in sync automatically. *** ### 🌟 Beyond business use cases Data like this powers more than commercial workflows. The same structured records support research, education, civic projects, and personal initiatives.
#### 🎓 Research and academia - Vulnerability disclosure trend analysis for academic papers - CWE / CAPEC mapping studies and ML training sets - Coursework on secure software engineering and risk modelling - Reproducible studies with cited, versioned dataset pulls #### 🎨 Personal and creative - Hobbyist CVE dashboards and home-lab feeds - Newsletter and blog research on the latest disclosures - Portfolio projects that show off security data engineering - Personal alerting bots for vendors you care about
#### 🤝 Non-profit and civic - National CERT mirrors for downstream research - Civic-tech projects mapping CVE risk for critical infrastructure - Open-source maintainers monitoring downstream impact - Educational outreach for security literacy programmes #### 🧪 Experimentation - Train CWE-classification or attack-pattern models - Prototype agent pipelines that summarise advisories - Test SIEM rules against historical CVE waves - Build dashboards on top of live vulnerability feeds
*** ### 🤖 Ask an AI assistant about this scraper Open a ready-to-send prompt about this ParseForge actor in the AI of your choice: - 💬 [**ChatGPT**](https://chat.openai.com/?q=How%20do%20I%20use%20the%20CIRCL%20CVE%20Scraper%20by%20ParseForge%20on%20Apify%3F%20Show%20me%20input%20examples%2C%20output%20fields%2C%20common%20use%20cases%2C%20and%20how%20to%20integrate%20it%20into%20a%20workflow.) - 🧠 [**Claude**](https://claude.ai/new?q=How%20do%20I%20use%20the%20CIRCL%20CVE%20Scraper%20by%20ParseForge%20on%20Apify%3F%20Show%20me%20input%20examples%2C%20output%20fields%2C%20common%20use%20cases%2C%20and%20how%20to%20integrate%20it%20into%20a%20workflow.) - 🔍 [**Perplexity**](https://perplexity.ai/search?q=How%20do%20I%20use%20the%20CIRCL%20CVE%20Scraper%20by%20ParseForge%20on%20Apify%3F%20Show%20me%20input%20examples%2C%20output%20fields%2C%20common%20use%20cases%2C%20and%20how%20to%20integrate%20it%20into%20a%20workflow.) - 🅒 [**Copilot**](https://copilot.microsoft.com/?q=How%20do%20I%20use%20the%20CIRCL%20CVE%20Scraper%20by%20ParseForge%20on%20Apify%3F%20Show%20me%20input%20examples%2C%20output%20fields%2C%20common%20use%20cases%2C%20and%20how%20to%20integrate%20it%20into%20a%20workflow.) *** ### ❓ Frequently Asked Questions #### 🧩 What is CIRCL? CIRCL (Computer Incident Response Center Luxembourg) is the national CERT for the private and non-governmental sector in Luxembourg. They operate the cve.circl.lu catalogue, a widely used open mirror of the global CVE list with extra cross-references. #### 🆚 How is this different from the NIST NVD scraper? CIRCL aggregates CVE data with extra cross-references like CWE-to-CAPEC mapping, vendor / product browse, and a full CWE catalogue mode. NIST NVD is the canonical U.S. source. Many teams use both: NVD for authoritative CVSS scoring, CIRCL for cross-walks and discovery. #### 🎯 Which CVSS versions are included? All four. The Actor surfaces CVSS v4.0, v3.1, v3.0, and v2 base scores plus vector strings whenever the source provides them. #### 🧬 What is CWE? CWE (Common Weakness Enumeration) is the standard taxonomy of software weaknesses. Use `mode=cwe` to dump the full catalogue. #### 🎯 What is CAPEC? CAPEC (Common Attack Pattern Enumeration and Classification) catalogues attacker techniques. Use `mode=capec` with a CWE numeric ID in the `cveId` field to surface attack patterns related to that weakness. #### 🔁 How often is the dataset refreshed? CIRCL refreshes from upstream sources continuously. Use `mode=dbInfo` to read the last update timestamp for cache invalidation. #### 🏢 How do I find vendor and product slugs? Use `mode=vendor` to list every vendor known to CIRCL, then `mode=browseVendor` with the vendor slug to list its products. Slugs are lowercase and use underscores. #### ⏰ Can I schedule regular runs? Yes. Use Apify Schedules to run this Actor on any cron interval. A common pattern is an hourly schedule on `mode=latest` to keep a downstream CVE feed fresh. #### ⚖️ Is this data legal to use? CIRCL publishes the catalogue under permissive open licensing for non-commercial and commercial use. You should review the source terms for your specific application. #### 💳 Do I need a paid Apify plan to use this Actor? No. The free Apify plan is enough for testing and small runs (10 records per run). A paid plan lifts the limit and gives you scheduling, higher concurrency, and larger datasets. #### 🆘 What if I need help? Our support team is here to help. Contact us through the Apify platform or use the Tally form linked below. *** ### 🔌 Integrate with any app CIRCL CVE Scraper connects to any cloud service via [Apify integrations](https://apify.com/integrations): - [**Make**](https://docs.apify.com/platform/integrations/make) - Automate multi-step workflows - [**Zapier**](https://docs.apify.com/platform/integrations/zapier) - Connect with 5,000+ apps - [**Slack**](https://docs.apify.com/platform/integrations/slack) - Get CVE alerts in your security channels - [**Airbyte**](https://docs.apify.com/platform/integrations/airbyte) - Pipe CVE data into your warehouse - [**GitHub**](https://docs.apify.com/platform/integrations/github) - Trigger runs from commits and releases - [**Google Drive**](https://docs.apify.com/platform/integrations/drive) - Export datasets straight to Sheets You can also use webhooks to trigger downstream actions when a run finishes. Push fresh CVE data into your ticketing system, or alert your team in Slack when a vendor you track gets a new disclosure. *** ### 🔗 Recommended Actors - [**🛡️ NIST NVD CVE Scraper**](https://apify.com/parseforge/nist-nvd-cve-scraper) - Official NVD catalogue with CVSS v4/v3/v2 scores - [**🚨 CISA KEV Scraper**](https://apify.com/parseforge/cisa-kev-scraper) - Known Exploited Vulnerabilities catalogue with due dates - [**📈 EPSS Exploit Prediction Scraper**](https://apify.com/parseforge/epss-exploit-prediction-scraper) - 30-day exploitation probability scores - [**🐙 GitHub Security Advisories Scraper**](https://apify.com/parseforge/github-security-advisories-scraper) - GHSA + CVE advisories with patched versions - [**📦 OSV Vulnerabilities Scraper**](https://apify.com/parseforge/osv-vulnerabilities-scraper) - Open source vulnerabilities across 30+ ecosystems > 💡 **Pro Tip:** browse the complete [ParseForge collection](https://apify.com/parseforge) for more security and reference-data scrapers. *** **🆘 Need Help?** [**Open our contact form**](https://tally.so/r/BzdKgA) to request a new scraper, propose a custom data project, or report an issue. *** > **⚠️ Disclaimer:** this Actor is an independent tool and is not affiliated with, endorsed by, or sponsored by CIRCL Luxembourg, MITRE, or any of the CNAs that contribute to the CVE catalogue. All trademarks mentioned are the property of their respective owners. Only publicly available vulnerability data is collected. # Actor input Schema ## `mode` (type: `string`): Which CIRCL CVE search to run. 'latest' returns the most recently published CVEs. 'byId' fetches a single CVE by its identifier. 'browseVendor' lists every product known for a vendor. 'searchProduct' returns every CVE for a vendor/product pair. 'dbInfo' returns the last database update timestamp. 'cwe' lists every Common Weakness Enumeration entry. 'capec' lists CAPEC patterns related to a CWE id (set CVE ID input to the CWE numeric id). 'vendor' lists every vendor known to CIRCL. ## `cveId` (type: `string`): Required when mode is 'byId'. Format: CVE-YYYY-NNNN... (e.g. CVE-2021-44228). ## `cveIds` (type: `array`): Array of CVE IDs to fetch in a single mode=byId run (e.g. \["CVE-2021-44228", "CVE-2021-45046"]). Takes precedence over single cveId. ## `vendor` (type: `string`): Required when mode is 'browseVendor' or 'searchProduct'. Lowercase vendor slug as used by CIRCL (e.g. 'apache', 'microsoft', 'oracle'). ## `product` (type: `string`): Required when mode is 'searchProduct'. Lowercase product slug as listed under the vendor (e.g. 'log4j', 'tomcat'). ## `count` (type: `integer`): Only used when mode is 'latest'. Number of most-recent CVEs to fetch. Capped at 1000 for response-size sanity. ## `maxItems` (type: `integer`): Free users: Limited to 10 items (preview). Paid users: Optional, max 1,000,000 ## Actor input object example ```json { "mode": "latest", "cveId": "CVE-2021-44228", "cveIds": [], "vendor": "apache", "product": "log4j", "count": 100, "maxItems": 10 } ``` # Actor output Schema ## `overview` (type: `string`): Overview of scraped data ## `fullData` (type: `string`): Complete dataset # API You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup. ## JavaScript example ```javascript import { ApifyClient } from 'apify-client'; // Initialize the ApifyClient with your Apify API token // Replace the '' with your token const client = new ApifyClient({ token: '', }); // Prepare Actor input const input = { "mode": "latest", "count": 100, "maxItems": 10 }; // Run the Actor and wait for it to finish const run = await client.actor("parseforge/circl-cve-scraper").call(input); // Fetch and print Actor results from the run's dataset (if any) console.log('Results from dataset'); console.log(`💾 Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`); const { items } = await client.dataset(run.defaultDatasetId).listItems(); items.forEach((item) => { console.dir(item); }); // 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/js/docs ``` ## Python example ```python from apify_client import ApifyClient # Initialize the ApifyClient with your Apify API token # Replace '' with your token. client = ApifyClient("") # Prepare the Actor input run_input = { "mode": "latest", "count": 100, "maxItems": 10, } # Run the Actor and wait for it to finish run = client.actor("parseforge/circl-cve-scraper").call(run_input=run_input) # Fetch and print Actor results from the run's dataset (if there are any) print("💾 Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"]) for item in client.dataset(run["defaultDatasetId"]).iterate_items(): print(item) # 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/python/docs/quick-start ``` ## CLI example ```bash echo '{ "mode": "latest", "count": 100, "maxItems": 10 }' | apify call parseforge/circl-cve-scraper --silent --output-dataset ``` ## MCP server setup ```json { "mcpServers": { "apify": { "command": "npx", "args": [ "mcp-remote", "https://mcp.apify.com/?tools=parseforge/circl-cve-scraper", "--header", "Authorization: Bearer " ] } } } ``` ## OpenAPI specification ```json { "openapi": "3.0.1", "info": { "title": "CIRCL CVE Search Scraper", "description": "Scrape CVE vulnerability records from CIRCL CVE Search. Fetch the latest CVEs, look up by ID, browse vendor products, or list every CVE for a vendor/product. Returns CVSS, CWE, CPEs, references, CAPEC, and impact metrics.", "version": "0.0", "x-build-id": "GaofsAfjLQ56Bik2z" }, "servers": [ { "url": "https://api.apify.com/v2" } ], "paths": { "/acts/parseforge~circl-cve-scraper/run-sync-get-dataset-items": { "post": { "operationId": "run-sync-get-dataset-items-parseforge-circl-cve-scraper", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } }, "/acts/parseforge~circl-cve-scraper/runs": { "post": { "operationId": "runs-sync-parseforge-circl-cve-scraper", "x-openai-isConsequential": false, "summary": "Executes an Actor and returns information about the initiated run in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/runsResponseSchema" } } } } } } }, "/acts/parseforge~circl-cve-scraper/run-sync": { "post": { "operationId": "run-sync-parseforge-circl-cve-scraper", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } } }, "components": { "schemas": { "inputSchema": { "type": "object", "properties": { "mode": { "title": "Mode", "enum": [ "latest", "byId", "browseVendor", "searchProduct", "dbInfo", "cwe", "capec", "vendor" ], "type": "string", "description": "Which CIRCL CVE search to run. 'latest' returns the most recently published CVEs. 'byId' fetches a single CVE by its identifier. 'browseVendor' lists every product known for a vendor. 'searchProduct' returns every CVE for a vendor/product pair. 'dbInfo' returns the last database update timestamp. 'cwe' lists every Common Weakness Enumeration entry. 'capec' lists CAPEC patterns related to a CWE id (set CVE ID input to the CWE numeric id). 'vendor' lists every vendor known to CIRCL.", "default": "latest" }, "cveId": { "title": "CVE ID", "type": "string", "description": "Required when mode is 'byId'. Format: CVE-YYYY-NNNN... (e.g. CVE-2021-44228)." }, "cveIds": { "title": "CVE IDs (batch lookup)", "type": "array", "description": "Array of CVE IDs to fetch in a single mode=byId run (e.g. [\"CVE-2021-44228\", \"CVE-2021-45046\"]). Takes precedence over single cveId.", "default": [], "items": { "type": "string" } }, "vendor": { "title": "Vendor", "type": "string", "description": "Required when mode is 'browseVendor' or 'searchProduct'. Lowercase vendor slug as used by CIRCL (e.g. 'apache', 'microsoft', 'oracle')." }, "product": { "title": "Product", "type": "string", "description": "Required when mode is 'searchProduct'. Lowercase product slug as listed under the vendor (e.g. 'log4j', 'tomcat')." }, "count": { "title": "Latest Count", "minimum": 1, "maximum": 1000, "type": "integer", "description": "Only used when mode is 'latest'. Number of most-recent CVEs to fetch. Capped at 1000 for response-size sanity.", "default": 100 }, "maxItems": { "title": "Max Items", "minimum": 1, "maximum": 1000000, "type": "integer", "description": "Free users: Limited to 10 items (preview). Paid users: Optional, max 1,000,000" } } }, "runsResponseSchema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string" }, "actId": { "type": "string" }, "userId": { "type": "string" }, "startedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "finishedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "status": { "type": "string", "example": "READY" }, "meta": { "type": "object", "properties": { "origin": { "type": "string", "example": "API" }, "userAgent": { "type": "string" } } }, "stats": { "type": "object", "properties": { "inputBodyLen": { "type": "integer", "example": 2000 }, "rebootCount": { "type": "integer", "example": 0 }, "restartCount": { "type": "integer", "example": 0 }, "resurrectCount": { "type": "integer", "example": 0 }, "computeUnits": { "type": "integer", "example": 0 } } }, "options": { "type": "object", "properties": { "build": { "type": "string", "example": "latest" }, "timeoutSecs": { "type": "integer", "example": 300 }, "memoryMbytes": { "type": "integer", "example": 1024 }, "diskMbytes": { "type": "integer", "example": 2048 } } }, "buildId": { "type": "string" }, "defaultKeyValueStoreId": { "type": "string" }, "defaultDatasetId": { "type": "string" }, "defaultRequestQueueId": { "type": "string" }, "buildNumber": { "type": "string", "example": "1.0.0" }, "containerUrl": { "type": "string" }, "usage": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "integer", "example": 1 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } }, "usageTotalUsd": { "type": "number", "example": 0.00005 }, "usageUsd": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "number", "example": 0.00005 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } } } } } } } } } ```