About the OSVDB API

OSVDB License

Use of the API falls under the OSVDB License, which was agreed to by you during the account creation process. By using the API in any way, you agree to the terms and restrictions covered by the license. For any commercial use, you must contact the to discuss licensing. Such commercial use may not be done until after licensing has been discussed, agreed upon, and outlined by a contract.

Overview on OSVDB Cross-Referencing and Integration

The Open Source Vulnerability Database (OSVDB) is an independent and open source database created for the security community. The goal of OSVDB is to provide accurate, detailed, current, and unbiased technical information. By utilizing a wide range of diverse resources, OSVDB brings vulnerability information together in one centralized location, thus reducing the need to access multiple locations for the same information. The database itself is openly available via the web (HTTP) and can be cross-referenced by other databases and resources. In some cases, the database can be made available for integration into security products such as vulnerability scanners and intrusion detection and prevention systems. Please contact [email protected] for more information.

Some of the data in a typical OSVDB entry includes dates related to disclosure, classification flags, impact, available solutions, a list of references to other resources, technical notes, product information, creditee, and more. In most cases, the entry has all of the information required to understand the vulnerability, and act on the information if required.

With over 90,000 unique vulnerabilities already included in the database, OSVDB strives to be the most accurate and comprehensive collection of publicly available vulnerability information. Companies can benefit from integrating OSVDB into their services by licensing the data, to ensure their solutions are based on a more complete data set than any other vulnerability information provider.

Cross-referencing and integrating with OSVDB is easy via its new application programming interface (API), which can provide multiple result formats to fit various needs. Queries can be run against any number of correlation factors, including CVE ID, Microsoft Bulletin ID, Bugtraq ID, and a host of other common reference points. The API is designed to provide limited access to the data set, to support end users and hobbyists. Use of the API in a commercial setting is prohibited. OSF has partnered with Risk Based Security (RBS) to provide a more robust API that is not limited in any way, to support companies that integrate the data into their solutions, whether internal or customer facing.

Technical Details about the API

• The API is RESTful interface to the OSVDB database, and requires an API key.
• Results are returned in either XML or CSV.
• Allows OSVDB ID correlation to a growing list of other references and integrators products.
• Includes access to RSS Feeds detailing updated OSVDB ID's (must be granted access to feeds by moderators).
• 2 queries per day (to raise this, contact regarding licensing)

To get started using the API, visit the API documentation for usage instructions and examples.