2024-02-11 API update


Apache HTTPD API endpoint, out of beta

As we commented in the last API update, we have already published out of beta the endpoint of PHP vulnerabilities, and this time it is the turn of Apache HTTPD vulnerabilities.

The first version of this new database has 263 vulnerabilities, corresponding to Apache HTTPD 1.3, 2.0, 2.2 and 2.4.

Here is the API Apache HTTPD endpoint information.

Future update

We are working on a future update of this endpoint that will include Apache HTTPD vulnerabilities that specifically affect when you have a particular module installed.

In addition, we will also include CWE and CVSS in a future version when available.

New nginx vulnerabilities API endpoint

And while we are on web server vulnerabilities, we have also created the nginx vulnerability database.

The database currently includes versions from 0.5 to 1.25, with 40 documented vulnerabilities.

Here is the API nginx endpoint information.

Future update

We will also include CWE and CVSS in a future version when available.

Radical change

Well, although it will not be that much, we are going to make a change in the “impact” section of the API in all the endpoints.

Until now, the CVSS component referred to version 3.1, but we will add more combinations, so in future versions we will extend these changes and remove the previous one.

In any case, we will give some notice and keep the current one for a few months.

More API endpoints, soon

We are working on adding more vulnerabilities related to WordPress, like MySQL, MariaDB, PHP extensions, OS libraries… If you have any product that we should include, please, tell us!

This is our focus for 2024. We are going to improve the plugins and themes information, but we want to add more value because WordPress security is not only the WordPress software.

Open to sponsorship

We are again open to sponsorship. Thanks to our sponsors, we can work improving this information and endpoints.