GET /epss

The EPSS Data public information (see http://www.first.org/epss) is available for querying using the endpoint /epss:

| Repository | Endpoint URL | Status | |-----------------------|-----------------------------------------------------|--------| | FIRST API v1 | https://api.first.org/data/v1/epss | BETA |

Additional Parameters

These parameters may be added (in addition to the Global parameters) to the query string to filter the results:

| Parameter | Type | Description | |-------------------|---------|-----------------------------------------------------------------------------------------------------------------------------| | cve | string | Filters by EPSS CVE ID. Multiple values are supported separated by commas. The maximum size accepted for this parameter is 2000 characters (including commas). | | date | date | Date in the format YYYY-MM-DD (since April 14, 2021), shows the historic values for epss and percentile attributes. | | days | int | Number of days since the EPSS score was added to the database (starting at 1, not affected by the date parameter). | | epss-gt | decimal | Only display CVEs with EPSS score greater or equal than the parameter. | | percentile-gt | decimal | Only display CVEs with percentile greater or equal than the parameter. | | epss-lt | decimal | Only display CVEs with EPSS score lower or equal than the parameter. | | percentile-lt | decimal | Only display CVEs with percentile lower or equal than the parameter. | | q | string | Free text search at the CVE ID (allows partial matches). |

Scope

These are the allowed scope for the EPSS dataset:

| Scope | Description | |----------------------|---------------------------------------------------------------------------------------------| | public (default) | Shows the basic EPSS data (cve, epss, percentile, created). | | time-series | Shows the last 30 days (or what is available) of the EPSS score and percentile for any CVE. |

Response

The response object contains a list of matching CVEs and their EPSS scores:

curl -X GET "https://api.first.org/data/v1/epss?cve=CVE-2021-40438,CVE-2019-16759&date=2022-02-28&pretty=true"
{
    "status": "OK",
    "status-code": 200,
    "version": "1.0",
    "access": "private, no-cache",
    "total": 2,
    "offset": 0,
    "limit": 100,
    "data": [
        {
            "cve": "CVE-2021-40438",
            "epss": "0.972240000",
            "percentile": "1.000000000",
            "date": "2022-02-28"
        },
        {
            "cve": "CVE-2019-16759",
            "epss": "0.968170000",
            "percentile": "0.999990000",
            "date": "2022-02-28"
        }
    ]
}