# CWE MITRE Scraper (`parseforge/cwe-mitre-scraper`) Actor Scrape Common Weakness Enumeration (CWE) records from the official MITRE CWE REST API - descriptions, mitigations, examples, consequences, taxonomy mappings, and references for ~900 software weakness categories. No API key required. - **URL**: https://apify.com/parseforge/cwe-mitre-scraper.md - **Developed by:** [ParseForge](https://apify.com/parseforge) (community) - **Categories:** Developer tools, Business, Automation - **Stats:** 2 total users, 1 monthly users, 100.0% runs succeeded, NaN bookmarks - **User rating**: No ratings yet ## Pricing from $24.75 / 1,000 results This Actor is paid per event. You are not charged for the Apify platform usage, but only a fixed price for specific events. Since this Actor supports Apify Store discounts, the price gets lower the higher subscription plan you have. Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-event ## What's an Apify Actor? Actors are a software tools running on the Apify platform, for all kinds of web data extraction and automation use cases. In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours, and optionally produces a well-defined JSON output, datasets with results, or files in key-value store. In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server. Actors are written with capital "A". ## How to integrate an Actor? If asked about integration, you help developers integrate Actors into their projects. You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready. The best way to integrate Actors is as follows. In JavaScript/TypeScript projects, use official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md): ```bash npm install apify-client ``` In Python projects, use official [Python client library](https://docs.apify.com/api/client/python.md): ```bash pip install apify-client ``` In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md): ````bash # MacOS / Linux curl -fsSL https://apify.com/install-cli.sh | bash # Windows irm https://apify.com/install-cli.ps1 | iex ```bash In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md). If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md). For usage examples, see the [API](#api) section below. For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt). # README ![ParseForge Banner](https://github.com/ParseForge/apify-assets/blob/main/banners/banner-default.jpg?raw=true) ## πŸ›‘οΈ CWE MITRE Scraper > πŸš€ **Export the Common Weakness Enumeration catalogue in seconds.** Pull single weaknesses, the full ~900-record catalogue, CWE Categories, or curated CWE Views like the Top 25 Most Dangerous Software Weaknesses. No sign-up, no manual scraping, no XML parsing. > πŸ•’ **Last updated:** 2026-05-15 Β· **πŸ“Š 25+ fields** per record Β· **πŸ›‘οΈ 900+ weaknesses** Β· **πŸ—‚οΈ Categories + Views (Top 25)** Β· **🌐 Official MITRE catalogue** The **CWE MITRE Scraper** exports the official MITRE Common Weakness Enumeration catalogue and returns up to **25+ structured fields per record**, including ID, name, abstraction, structure, status, exploit likelihood, descriptions, applicable platforms, common consequences, detection methods, potential mitigations, demonstrative + observed examples, taxonomy mappings (OWASP, CAPEC, NVD), related weaknesses, and references. The CWE catalogue is the de-facto reference for software weakness classification used by NIST, OWASP, vendors, and the wider AppSec community. The catalogue covers **900+ weaknesses, dozens of CWE Categories, and curated CWE Views** including the annual CWE Top 25 Most Dangerous Software Weaknesses. This Actor delivers the data as CSV, Excel, JSON, or XML in under a minute, so you skip the catalogue parsing, the cross-referencing, and the manual lookups. | 🎯 Target Audience | πŸ’‘ Primary Use Cases | |---|---| | AppSec engineers, vulnerability researchers, GRC analysts, SOC teams, security tooling vendors, academic researchers | Vulnerability triage, security training, CWE-to-CVE mapping, secure SDLC checklists, threat modelling, compliance reports | --- ### πŸ“‹ What the CWE MITRE Scraper does Four lookup modes in a single run: - 🎯 **Single CWE.** Pull one weakness by numeric ID (e.g. `79` for XSS, `89` for SQL Injection, `787` for Out-of-bounds Write), or batch up to 100 IDs in one run. - 🌐 **All CWEs.** Export the full catalogue of ~900 weaknesses with optional substring filter on the Name (e.g. "Cross-Site", "Buffer Overflow", "Authentication"). - πŸ—‚οΈ **Category.** Resolve every weakness inside a CWE Category (e.g. `699` Software Development, `1000` Research Concepts). - πŸ† **View.** Resolve curated CWE Views like `1387` (CWE Top 25 Most Dangerous Software Weaknesses, 2024) or `1003` (Weaknesses for Simplified Mapping). Each record includes the canonical CWE identifiers, structured prose descriptions, modes of introduction, common consequences with impact and likelihood, detection methods, mitigation guidance, demonstrative and observed code examples, taxonomy mappings to OWASP / WASC / CAPEC, and references with bibliographies. > πŸ’‘ **Why it matters:** modern AppSec, vulnerability management, and secure-SDLC pipelines all map findings back to CWE. Building the lookup yourself means parsing official XML dumps, normalising HTML in descriptions, and refreshing on every catalogue revision. This Actor skips all of that. --- ### 🎬 Full Demo _🚧 Coming soon: a 3-minute walkthrough showing how to go from sign-up to a downloaded CWE dataset._ --- ### βš™οΈ Input
InputTypeDefaultBehavior
modestring"single"One of single, all, category, view.
cweIdstring"79"CWE numeric ID for single mode (e.g. 79 = XSS, 89 = SQL Injection).
cweIdsstring[][]Batch lookup. Takes precedence over cweId.
categoryIdstring""CWE Category ID for category mode (e.g. 699 = Software Development).
viewIdstring""CWE View ID for view mode (e.g. 1387 = Top 25 (2024)).
categorystring""Substring filter on Name (case-insensitive, "all" mode only).
maxItemsinteger10Free plan caps at 10, paid plan at 1,000,000.
**Example: pull the OWASP-classic XSS weakness.** ```json { "mode": "single", "cweId": "79" } ```` **Example: export the CWE Top 25 Most Dangerous Software Weaknesses (2024).** ```json { "mode": "view", "viewId": "1387", "maxItems": 25 } ``` > ⚠️ **Good to Know:** descriptions in the source can include lightweight HTML markup. The Actor preserves the original markup in `description` / `extendedDescription` and also exposes a clean text version in `extendedDescriptionText` so you can use either. *** ### πŸ“Š Output Each CWE record contains up to **25+ fields**. Download the dataset as CSV, Excel, JSON, or XML. #### 🧾 Schema | Field | Type | Example | |---|---|---| | πŸ†” `id` | string | `"79"` | | 🏷️ `name` | string | `"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"` | | 🧱 `abstraction` | string | `"Base"` | | 🧩 `structure` | string | `"Simple"` | | πŸ“Œ `status` | string | `"Stable"` | | ⚠️ `likelihoodOfExploit` | string | null | `"High"` | | πŸ“ `description` | string | `"The product does not neutralize..."` | | πŸ“– `extendedDescription` | string | null | `"Cross-site scripting (XSS) vulnerabilities..."` | | πŸ“œ `extendedDescriptionText` | string | null | Plain-text version of the above | | πŸ” `alternateTerms` | array | null | XSS, HTML Injection | | πŸšͺ `modesOfIntroduction` | array | null | Architecture, Implementation phases | | πŸ’» `applicablePlatforms` | array | null | Languages, OS, architectures | | πŸ’₯ `commonConsequences` | array | null | Impact, scope, likelihood per scenario | | πŸ” `detectionMethods` | array | null | Manual analysis, fuzzing, SAST, DAST | | πŸ›‘οΈ `potentialMitigations` | array | null | Mitigation phase + description | | πŸ§ͺ `demonstrativeExamples` | array | null | Annotated code snippets | | 🌍 `observedExamples` | array | null | Real CVE references | | πŸ—ΊοΈ `taxonomyMappings` | array | null | OWASP, CAPEC, WASC, ISA mappings | | πŸ”— `relatedWeaknesses` | array | null | ChildOf / ParentOf / PeerOf links | | πŸ—’οΈ `notes` | array | null | Maintainer notes | | πŸ“š `references` | array | null | Bibliography entries | | πŸ”— `url` | string | `"https://cwe.mitre.org/data/definitions/79.html"` | | πŸ•’ `scrapedAt` | ISO 8601 | `"2026-05-15T00:00:00.000Z"` | #### πŸ“¦ Sample record
πŸ›‘οΈ CWE-79 Cross-site Scripting ```json { "id": "79", "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "abstraction": "Base", "structure": "Simple", "status": "Stable", "likelihoodOfExploit": "High", "description": "The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", "extendedDescriptionText": "Cross-site scripting (XSS) vulnerabilities occur when... the attacker uses a vulnerable web application to send malicious code to a different end user.", "alternateTerms": [{"Term": "XSS"}, {"Term": "HTML Injection"}], "modesOfIntroduction": [{"Phase": "Implementation"}, {"Phase": "Architecture and Design"}], "applicablePlatforms": [{"Languages": "Not Language-Specific"}], "commonConsequences": [{"Scope": ["Confidentiality", "Integrity"], "Impact": ["Read Application Data", "Execute Unauthorized Code"]}], "detectionMethods": [{"Method": "Automated Static Analysis"}, {"Method": "Fuzzing"}], "potentialMitigations": [{"Phase": "Architecture and Design", "Strategy": "Output Encoding"}], "taxonomyMappings": [{"TaxonomyName": "OWASP Top Ten", "EntryName": "A03:2021 - Injection"}], "relatedWeaknesses": [{"Nature": "ChildOf", "CweID": "74"}], "url": "https://cwe.mitre.org/data/definitions/79.html", "scrapedAt": "2026-05-15T00:00:00.000Z" } ```
*** ### ✨ Why choose this Actor | | Capability | |---|---| | πŸ›‘οΈ | **Full catalogue.** 900+ weaknesses plus every CWE Category and CWE View, including the annual Top 25. | | 🎯 | **Four lookup modes.** Single ID, batch IDs, category resolution, or full export with substring filter. | | πŸ—ΊοΈ | **Taxonomy joins.** Mappings to OWASP, CAPEC, WASC, ISA-62443, NIST SP 800-53, and more for cross-system reporting. | | πŸ’₯ | **Operational fields.** Common consequences, detection methods, and mitigation guidance ready to drop into security tickets. | | πŸ§ͺ | **Code examples.** Demonstrative snippets and observed CVE references for training and triage. | | πŸ” | **Always fresh.** Each run pulls the latest catalogue revision, so MITRE's changes propagate to your dataset automatically. | | 🚫 | **No sign-up.** Works against the public catalogue. No login or token required. | > πŸ“Š Reliable CWE data is the backbone of every vulnerability management programme, secure SDLC pipeline, and AppSec dashboard. *** ### πŸ“ˆ How it compares to alternatives | Approach | Cost | Coverage | Refresh | Filters | Setup | |---|---|---|---|---|---| | **⭐ CWE MITRE Scraper** *(this Actor)* | $5 free credit, then pay-per-use | **900+** weaknesses, Categories, Views | **Live per run** | mode, ID, category, view, substring | ⚑ 2 min | | Hand-parse the official XML dump | Free | Full catalogue | Manual | Whatever you build | 🐒 Days | | Commercial AppSec platforms | $$$$/year | Full + extras | Vendor schedule | Many | ⏳ Weeks | | Stale community CSVs | Free | Subset, often outdated | Rarely | None | πŸ•’ Variable | Pick this Actor when you want clean structured records, modern fields, and zero pipeline maintenance. *** ### πŸš€ How to use 1. πŸ“ **Sign up.** [Create a free account w/ $5 credit](https://console.apify.com/sign-up?fpr=vmoqkp) (takes 2 minutes). 2. 🌐 **Open the Actor.** Go to the CWE MITRE Scraper page on the Apify Store. 3. 🎯 **Set input.** Choose mode (`single`, `all`, `category`, `view`), provide the relevant ID, set `maxItems`. 4. πŸš€ **Run it.** Click **Start** and let the Actor collect your data. 5. πŸ“₯ **Download.** Grab your results in the **Dataset** tab as CSV, Excel, JSON, or XML. > ⏱️ Total time from signup to downloaded dataset: **3-5 minutes.** No coding required. *** ### πŸ’Ό Business use cases
#### πŸ›‘οΈ AppSec & Vulnerability Management - Auto-tag tickets with CWE name, abstraction, exploit likelihood - Build CWE-to-CVE bridges for triage workflows - Surface mitigations directly in pull-request review - Power vulnerability scoring dashboards with consequence data #### πŸ“‹ GRC & Compliance - Map findings to OWASP Top 10 / CAPEC / NIST controls - Evidence packs for SOC 2, ISO 27001, PCI DSS audits - Quarterly Top 25 trend reports for the board - Coverage matrices for ASVS / SAMM programmes
#### πŸ§‘β€πŸ’» Developer Education & Secure SDLC - Inline CWE explainers in code-review bots - Just-in-time security training tied to ticket weaknesses - Curated learning paths from CWE Categories - Internal wiki content auto-refreshed on each catalogue release #### 🏒 Security Tooling Vendors - Embed canonical CWE data in your scanner UI - Build an offline reference snapshot for air-gapped customers - Drive heuristics from observed-example code patterns - Localise mitigation guidance into your customer dashboards
*** ### πŸ”Œ Automating CWE MITRE Scraper Control the scraper programmatically for scheduled runs and pipeline integrations: - 🟒 **Node.js.** Install the `apify-client` NPM package. - 🐍 **Python.** Use the `apify-client` PyPI package. - πŸ“š See the [Apify documentation](https://docs.apify.com/) for full details. The [Apify Schedules feature](https://docs.apify.com/platform/schedules) lets you trigger this Actor on any cron interval. Quarterly Top 25 refreshes, monthly catalogue mirrors, or on-demand triage lookups are all one click. *** ### 🌟 Beyond business use cases Structured CWE data powers more than enterprise pipelines. The same records support research, education, civic security, and personal initiatives.
#### πŸŽ“ Research and academia - Empirical AppSec studies grounded in canonical taxonomy - Reproducible meta-analyses across CWE revisions - Coursework on secure programming and threat modelling - Cross-taxonomy research bridging CAPEC, ATT\&CK, and OWASP #### 🎨 Personal and creative - Indie security blog write-ups with cited weaknesses - CTF challenge generators seeded by CWE categories - Training cards and flashcards for AppSec interviews - Portfolio side projects that visualise the full taxonomy
#### 🀝 Non-profit and civic - Open-source security guidance for under-resourced teams - Civic-tech audits enriched with mitigation playbooks - Public-interest research on common breach root causes - Community wiki refreshes maintained by volunteers #### πŸ§ͺ Experimentation - Train classifiers that suggest CWE IDs from bug reports - Prototype LLM agents that explain weaknesses in plain English - Build retrieval pipelines for CVE root-cause analysis - Validate AppSec product hypotheses with real reference data
*** ### πŸ€– Ask an AI assistant about this scraper Open a ready-to-send prompt about this ParseForge actor in the AI of your choice: - πŸ’¬ [**ChatGPT**](https://chat.openai.com/?q=How%20do%20I%20use%20the%20CWE%20MITRE%20Scraper%20by%20ParseForge%20on%20Apify%3F%20Show%20me%20input%20examples%2C%20output%20fields%2C%20common%20use%20cases%2C%20and%20how%20to%20integrate%20it%20into%20a%20workflow.) - 🧠 [**Claude**](https://claude.ai/new?q=How%20do%20I%20use%20the%20CWE%20MITRE%20Scraper%20by%20ParseForge%20on%20Apify%3F%20Show%20me%20input%20examples%2C%20output%20fields%2C%20common%20use%20cases%2C%20and%20how%20to%20integrate%20it%20into%20a%20workflow.) - πŸ” [**Perplexity**](https://perplexity.ai/search?q=How%20do%20I%20use%20the%20CWE%20MITRE%20Scraper%20by%20ParseForge%20on%20Apify%3F%20Show%20me%20input%20examples%2C%20output%20fields%2C%20common%20use%20cases%2C%20and%20how%20to%20integrate%20it%20into%20a%20workflow.) - πŸ…’ [**Copilot**](https://copilot.microsoft.com/?q=How%20do%20I%20use%20the%20CWE%20MITRE%20Scraper%20by%20ParseForge%20on%20Apify%3F%20Show%20me%20input%20examples%2C%20output%20fields%2C%20common%20use%20cases%2C%20and%20how%20to%20integrate%20it%20into%20a%20workflow.) *** ### ❓ Frequently Asked Questions #### 🧩 How does it work? Pick a mode (`single`, `all`, `category`, `view`), provide the relevant ID, and click Start. The Actor pulls the catalogue, normalises each record, and emits a clean structured row per weakness. No browser automation, no captcha, no setup. #### πŸ“ Is the data official? Yes. The catalogue is the official MITRE CWE source of truth. Each record links back to its canonical `cwe.mitre.org/data/definitions/{id}.html` page in the `url` field for cross-checking. #### πŸ” How often is the catalogue refreshed? MITRE publishes catalogue revisions on a regular cadence. Every Actor run pulls the current live state, so your dataset always reflects the most recent revision available. #### πŸ† Can I export the CWE Top 25? Yes. Set `mode` to `view` and `viewId` to `1387` to pull the 2024 Top 25 Most Dangerous Software Weaknesses. Other Views like `1003` (Simplified Mapping) work the same way. #### πŸ—‚οΈ What's the difference between Category and View? A Category groups weaknesses by an attribute (e.g. "Software Development"). A View is a curated lens for a specific audience or purpose (e.g. CWE Top 25, Simplified Mapping for vulnerability disclosures). The Actor supports both. #### πŸ”— Can I batch many CWE IDs in one run? Yes. Set `mode` to `single` and supply `cweIds` as an array (e.g. `["79", "89", "787"]`). Up to 100 IDs per run. #### ⏰ Can I schedule regular runs? Yes. Use Apify Schedules to run this Actor on any cron interval (hourly, daily, weekly) and keep a downstream catalogue snapshot in sync. #### βš–οΈ Is this data legal to use? The CWE catalogue is published by MITRE for public use under its standard terms. Review MITRE's terms of use for your specific use case, but reference catalogue data is generally cleared for commercial and non-commercial reuse. #### πŸ’³ Do I need a paid Apify plan to use this Actor? No. The free Apify plan is enough for testing and small runs (10 records per run). A paid plan lifts the limit and gives you scheduling, higher concurrency, and larger datasets. #### πŸ” What happens if a run fails or gets interrupted? Apify automatically retries transient errors. If a run still fails, you can inspect the log in the Runs tab, fix the input, and re-run. Partial datasets from failed runs are preserved so you never lose progress. #### πŸ†˜ What if I need help? Our support team is here to help. Contact us through the Apify platform or use the Tally form linked below. *** ### πŸ”Œ Integrate with any app CWE MITRE Scraper connects to any cloud service via [Apify integrations](https://apify.com/integrations): - [**Make**](https://docs.apify.com/platform/integrations/make) - Automate multi-step workflows - [**Zapier**](https://docs.apify.com/platform/integrations/zapier) - Connect with 5,000+ apps - [**Slack**](https://docs.apify.com/platform/integrations/slack) - Get run notifications in your channels - [**n8n**](https://docs.apify.com/platform/integrations/n8n) - Self-hosted workflow automation - [**Pipedream**](https://docs.apify.com/platform/integrations/pipedream) - Event-driven serverless workflows - [**Airbyte**](https://docs.apify.com/platform/integrations/airbyte) - Pipe weakness data into your warehouse - [**GitHub**](https://docs.apify.com/platform/integrations/github) - Trigger runs on pull requests and releases - [**Google Drive**](https://docs.apify.com/platform/integrations/drive) - Export datasets straight to Sheets You can also use webhooks to trigger downstream actions when a run finishes. Push fresh CWE data into your AppSec dashboard, or alert your team in Slack when the Top 25 is refreshed. *** ### πŸ”— Recommended Actors - [**πŸ† Sofascore Live Events Scraper**](https://apify.com/parseforge/sofascore-live-scraper) - Live + scheduled events across 13 sports - [**⚾ MLB Stats Scraper**](https://apify.com/parseforge/mlb-stats-scraper) - Schedules, teams, rosters, and live game feeds - [**πŸ’ NHL Stats Scraper**](https://apify.com/parseforge/nhl-stats-scraper) - 32-team standings, schedules, and player profiles - [**πŸ₯… TheSportsDB Scraper**](https://apify.com/parseforge/thesportsdb-scraper) - Open sports database across multiple leagues - [**πŸ“Š OurAirports Scraper**](https://apify.com/parseforge/ourairports-scraper) - Global airport reference dataset > πŸ’‘ **Pro Tip:** browse the complete [ParseForge collection](https://apify.com/parseforge) for more reference-data scrapers. *** **πŸ†˜ Need Help?** [**Open our contact form**](https://tally.so/r/BzdKgA) to request a new scraper, propose a custom data project, or report an issue. *** > **⚠️ Disclaimer:** this Actor is an independent tool and is not affiliated with, endorsed by, or sponsored by MITRE Corporation. CWE and Common Weakness Enumeration are trademarks of The MITRE Corporation. All trademarks mentioned are the property of their respective owners. Only publicly available reference data is collected. # Actor input Schema ## `mode` (type: `string`): Single CWE lookup, all CWE weaknesses, a CWE Category, or a CWE View (e.g. CWE Top 25). ## `cweId` (type: `string`): CWE numeric id for single mode (e.g. 79 = XSS, 89 = SQL Injection, 200 = Information Exposure). ## `cweIds` (type: `array`): Array of CWE numeric IDs to fetch in a single mode=single run (e.g. \["79", "89", "787"]). Takes precedence over cweId. ## `categoryId` (type: `string`): CWE Category id for category mode (e.g. 699 = Software Development, 1000 = Research Concepts). ## `viewId` (type: `string`): CWE View id for view mode (e.g. 1387 = CWE Top 25 Most Dangerous Software Weaknesses (2024), 1003 = Weaknesses for Simplified Mapping). ## `category` (type: `string`): Free-text substring filter on CWE Name (case-insensitive, applied in 'all' mode). Examples: 'Cross-Site', 'SQL Injection', 'Buffer Overflow', 'Path Traversal', 'Authentication', 'Authorization', 'Cryptographic', 'Race Condition', 'Information Exposure', 'Memory Corruption', 'Use After Free', 'Integer Overflow', 'Deserialization', 'XML', 'Command Injection', 'CSRF', 'Hardcoded', 'Open Redirect'. Leave empty for no filter. ## `maxItems` (type: `integer`): Free users: Limited to 10 items (preview). Paid users: Optional, max 1,000,000 ## Actor input object example ```json { "mode": "single", "cweId": "79", "cweIds": [], "category": "", "maxItems": 10 } ``` # Actor output Schema ## `overview` (type: `string`): Overview of scraped data ## `fullData` (type: `string`): Complete dataset # API You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup. ## JavaScript example ```javascript import { ApifyClient } from 'apify-client'; // Initialize the ApifyClient with your Apify API token // Replace the '' with your token const client = new ApifyClient({ token: '', }); // Prepare Actor input const input = { "mode": "single", "cweId": "79", "categoryId": "", "viewId": "", "category": "", "maxItems": 10 }; // Run the Actor and wait for it to finish const run = await client.actor("parseforge/cwe-mitre-scraper").call(input); // Fetch and print Actor results from the run's dataset (if any) console.log('Results from dataset'); console.log(`πŸ’Ύ Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`); const { items } = await client.dataset(run.defaultDatasetId).listItems(); items.forEach((item) => { console.dir(item); }); // πŸ“š Want to learn more πŸ“–? Go to β†’ https://docs.apify.com/api/client/js/docs ``` ## Python example ```python from apify_client import ApifyClient # Initialize the ApifyClient with your Apify API token # Replace '' with your token. client = ApifyClient("") # Prepare the Actor input run_input = { "mode": "single", "cweId": "79", "categoryId": "", "viewId": "", "category": "", "maxItems": 10, } # Run the Actor and wait for it to finish run = client.actor("parseforge/cwe-mitre-scraper").call(run_input=run_input) # Fetch and print Actor results from the run's dataset (if there are any) print("πŸ’Ύ Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"]) for item in client.dataset(run["defaultDatasetId"]).iterate_items(): print(item) # πŸ“š Want to learn more πŸ“–? Go to β†’ https://docs.apify.com/api/client/python/docs/quick-start ``` ## CLI example ```bash echo '{ "mode": "single", "cweId": "79", "categoryId": "", "viewId": "", "category": "", "maxItems": 10 }' | apify call parseforge/cwe-mitre-scraper --silent --output-dataset ``` ## MCP server setup ```json { "mcpServers": { "apify": { "command": "npx", "args": [ "mcp-remote", "https://mcp.apify.com/?tools=parseforge/cwe-mitre-scraper", "--header", "Authorization: Bearer " ] } } } ``` ## OpenAPI specification ```json { "openapi": "3.0.1", "info": { "title": "CWE MITRE Scraper", "description": "Scrape Common Weakness Enumeration (CWE) records from the official MITRE CWE REST API - descriptions, mitigations, examples, consequences, taxonomy mappings, and references for ~900 software weakness categories. No API key required.", "version": "0.0", "x-build-id": "xz3SnzWGtQsjKAH8V" }, "servers": [ { "url": "https://api.apify.com/v2" } ], "paths": { "/acts/parseforge~cwe-mitre-scraper/run-sync-get-dataset-items": { "post": { "operationId": "run-sync-get-dataset-items-parseforge-cwe-mitre-scraper", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } }, "/acts/parseforge~cwe-mitre-scraper/runs": { "post": { "operationId": "runs-sync-parseforge-cwe-mitre-scraper", "x-openai-isConsequential": false, "summary": "Executes an Actor and returns information about the initiated run in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/runsResponseSchema" } } } } } } }, "/acts/parseforge~cwe-mitre-scraper/run-sync": { "post": { "operationId": "run-sync-parseforge-cwe-mitre-scraper", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } } }, "components": { "schemas": { "inputSchema": { "type": "object", "properties": { "mode": { "title": "Mode", "enum": [ "single", "all", "category", "view" ], "type": "string", "description": "Single CWE lookup, all CWE weaknesses, a CWE Category, or a CWE View (e.g. CWE Top 25).", "default": "single" }, "cweId": { "title": "CWE ID", "type": "string", "description": "CWE numeric id for single mode (e.g. 79 = XSS, 89 = SQL Injection, 200 = Information Exposure)." }, "cweIds": { "title": "CWE IDs (batch lookup)", "type": "array", "description": "Array of CWE numeric IDs to fetch in a single mode=single run (e.g. [\"79\", \"89\", \"787\"]). Takes precedence over cweId.", "default": [], "items": { "type": "string" } }, "categoryId": { "title": "Category ID", "type": "string", "description": "CWE Category id for category mode (e.g. 699 = Software Development, 1000 = Research Concepts)." }, "viewId": { "title": "View ID", "type": "string", "description": "CWE View id for view mode (e.g. 1387 = CWE Top 25 Most Dangerous Software Weaknesses (2024), 1003 = Weaknesses for Simplified Mapping)." }, "category": { "title": "Category Filter (substring on Name)", "type": "string", "description": "Free-text substring filter on CWE Name (case-insensitive, applied in 'all' mode). Examples: 'Cross-Site', 'SQL Injection', 'Buffer Overflow', 'Path Traversal', 'Authentication', 'Authorization', 'Cryptographic', 'Race Condition', 'Information Exposure', 'Memory Corruption', 'Use After Free', 'Integer Overflow', 'Deserialization', 'XML', 'Command Injection', 'CSRF', 'Hardcoded', 'Open Redirect'. Leave empty for no filter.", "default": "" }, "maxItems": { "title": "Max Items", "minimum": 1, "maximum": 1000000, "type": "integer", "description": "Free users: Limited to 10 items (preview). Paid users: Optional, max 1,000,000" } } }, "runsResponseSchema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string" }, "actId": { "type": "string" }, "userId": { "type": "string" }, "startedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "finishedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "status": { "type": "string", "example": "READY" }, "meta": { "type": "object", "properties": { "origin": { "type": "string", "example": "API" }, "userAgent": { "type": "string" } } }, "stats": { "type": "object", "properties": { "inputBodyLen": { "type": "integer", "example": 2000 }, "rebootCount": { "type": "integer", "example": 0 }, "restartCount": { "type": "integer", "example": 0 }, "resurrectCount": { "type": "integer", "example": 0 }, "computeUnits": { "type": "integer", "example": 0 } } }, "options": { "type": "object", "properties": { "build": { "type": "string", "example": "latest" }, "timeoutSecs": { "type": "integer", "example": 300 }, "memoryMbytes": { "type": "integer", "example": 1024 }, "diskMbytes": { "type": "integer", "example": 2048 } } }, "buildId": { "type": "string" }, "defaultKeyValueStoreId": { "type": "string" }, "defaultDatasetId": { "type": "string" }, "defaultRequestQueueId": { "type": "string" }, "buildNumber": { "type": "string", "example": "1.0.0" }, "containerUrl": { "type": "string" }, "usage": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "integer", "example": 1 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } }, "usageTotalUsd": { "type": "number", "example": 0.00005 }, "usageUsd": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "number", "example": 0.00005 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } } } } } } } } } ```