TAXII, STIX version 2.1 support
CVEdetails.com supports Trusted Automated Exchange of Intelligence Information (TAXII) version 2.1 and provides CVE collections and objects in Structured Threat Information Expression (STIX) version 2.1 format. Only GET methods are supported; it is not possible to create, delete or modify objects using the TAXII protocol.
Discovery endpoint | https://www.cvedetails.com/taxii2/ |
API root | https://www.cvedetails.com/taxii2/api/v1/ |
Collections URL | https://www.cvedetails.com/taxii2/api/v1/collections/ |
cve collection | https://www.cvedetails.com/taxii2/api/v1/collections/cve/ This collection returns CVEs as STIX objects extending the standard STIX vulnerability object. |
cve-2 collection | https://www.cvedetails.com/taxii2/api/v1/collections/cve-2/ This collection returns CVEs as custom STIX objects (you can use this collection with Anomali ThreatStream). |
Get object endpoints | Both cve and cve-2 collections support get object calls for individual CVEs. Get object responses also include the CVE timeline (the timeline is not included in responses returned by collection lists). |
Authentication
All TAXII calls require authentication. You can either use Bearer access tokens or use HTTP Basic authentication (e.g. if the third-party tool you are using does not support the Bearer scheme).
When using Basic authentication, you MUST use an access token as the password value. We do not actually support Basic authentication but just emulate it using an access token as the password. You can use any username value; it will be ignored.
See the APIs page for more information on access tokens and rate limiting. All requirements and rate limits which apply to other API calls apply to TAXII calls as well.
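The two authentication schemes described above, shown as an added example (not code from CVEdetails.com): it builds read-only GET requests against the API root with either a Bearer token or the emulated Basic scheme. The `Accept` value is the standard TAXII 2.1 media type; the token `EXAMPLE-TOKEN`, the username `ignored` and the helper names are assumptions made for illustration.

```python
import base64
import json
import urllib.request

API_ROOT = "https://www.cvedetails.com/taxii2/api/v1/"  # API root from the page
TAXII_ACCEPT = "application/taxii+json;version=2.1"      # TAXII 2.1 media type


def auth_header(token, scheme="bearer", username="ignored"):
    """Return the Authorization header value for either supported scheme."""
    if not token or any(c.isspace() for c in token):
        raise ValueError("access token must be non-empty and contain no whitespace")
    if scheme == "bearer":
        return "Bearer " + token
    if scheme == "basic":
        # Emulated Basic auth: the username is ignored, the password is the token.
        raw = f"{username}:{token}".encode()
        return "Basic " + base64.b64encode(raw).decode("ascii")
    raise ValueError("scheme must be 'bearer' or 'basic'")


def build_request(path, token, scheme="bearer"):
    """Build a GET request under the API root. Nothing is sent here."""
    return urllib.request.Request(
        API_ROOT + path.lstrip("/"),
        method="GET",  # the service is read-only; only GET is supported
        headers={
            "Accept": TAXII_ACCEPT,
            "Authorization": auth_header(token, scheme),
        },
    )


def fetch(path, token, scheme="bearer", timeout=30):
    """Send the request and decode the JSON body (needs network and a real token)."""
    req = build_request(path, token, scheme)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    demo_token = "EXAMPLE-TOKEN"  # constructed placeholder, not a real token
    for scheme in ("bearer", "basic"):
        req = build_request("collections/cve/", demo_token, scheme)
        print(req.get_method(), req.full_url, req.get_header("Authorization"))
```

Base64 in the Basic scheme is an encoding, not encryption, so the `Authorization` value should be kept out of logs in either scheme.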