| API Docs
Home Swagger UI
Quickstart Guide

Make your first API call in 2 minutes

RiskScore enriches CVEs with composite risk scores, CVSS, EPSS exploitation probability, and CISA KEV status. No setup needed beyond an API key.

1
Get your API key

Create a free account at riskscore.dev/signup. Your API key appears on the dashboard under API Keys. Copy it — you'll use it in every request via the X-API-Key header.

2
Make your first call

Look up CVE-2021-44228 (Log4Shell) — one of the most critical vulnerabilities ever discovered. Replace YOUR_API_KEY with your key from Step 1. 

curl -X GET "https://api.riskscore.dev/v1/cves/CVE-2021-44228" \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Accept: application/json"
import requests

API_KEY = "YOUR_API_KEY"
CVE_ID  = "CVE-2021-44228"

response = requests.get(
    f"https://api.riskscore.dev/v1/cves/{CVE_ID}",
    headers={"X-API-Key": API_KEY},
)

data = response.json()
print(f"Risk score: {data['risk_score']} ({data['severity']})")
print(f"In KEV:     {data['kev']['in_kev']}")
const API_KEY = "YOUR_API_KEY";
const CVE_ID  = "CVE-2021-44228";

const res  = await fetch(
  `https://api.riskscore.dev/v1/cves/${CVE_ID}`,
  { headers: { "X-API-Key": API_KEY } }
);
const data = await res.json();

console.log(`Risk score: ${data.risk_score} (${data.severity})`);
console.log(`In KEV:     ${data.kev.in_kev}`);
3
Understand the response

A successful call returns enriched CVE data. Here's what each field means:

200 OK GET /v1/cves/CVE-2021-44228
"cve_id": "CVE-2021-44228", CVE IdentifierThe canonical NVD identifier for this vulnerability.
"risk_score": 98, RiskScore (0–100)Our composite priority score. Combines CVSS, EPSS, and KEV status. Higher = more urgent to patch.
"severity": "CRITICAL", Severity BandCRITICAL / HIGH / MEDIUM / LOW / INFORMATIONAL — derived from risk_score.
"cvss_v3_score": 10.0, CVSS v3 Base ScoreIndustry-standard severity from NVD. 10.0 is the maximum possible score.
"cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", CVSS VectorMachine-readable attack characteristics: network-reachable, no privileges, no user interaction.
"epss_score": 0.97566, EPSS ProbabilityExploitation Prediction Scoring System (0–1). 0.976 = 97.6% probability of exploitation in the next 30 days.
"epss_percentile": 0.99984, EPSS PercentileThis CVE is riskier than 99.98% of all CVEs tracked by EPSS.
"kev": {
"in_kev": true, CISA KEV Statustrue = actively exploited in the wild, confirmed by CISA. Treat as highest priority.
"date_added": "2021-12-10", KEV Date AddedWhen CISA added it to the Known Exploited Vulnerabilities catalog.
"due_date": "2021-12-24" Federal Remediation DeadlineUS federal agencies were required to patch by this date.
},
"description": "Apache Log4j2 2.0-beta9 through 2.15.0 ...", Plain-English DescriptionNVD's official description of what the vulnerability is and what it affects.
"published": "2021-12-10T10:15:00" Published DateWhen NVD first recorded this CVE.
What's next?
📖
Full API Reference
Browse all endpoints in the interactive Swagger UI
🔑
Get your API Key
Sign up free — no credit card required
🏠
riskscore.dev
Pricing, plans, and platform overview