To get the vulnerability information of a nginx version, you have to make a call including the major nginx version (or the minor one). The response will include all vulnerabilities for this major version.
https://www.wpvulnerability.net/nginx/nginx-major-or-minor-version/
Example: nginx 1.22
nginx JSON response
This will return a JSON with the following format:
{
"error": 0,
"message": null,
"data": {
"name": "nginx 1.x",
"nginx": "1.x",
"status": "m",
"date_start": "1970-01-01"
"sate_end": "1971-12-31"
"vulnerability": [
{
"name": "nginx 1.x < 1.x.1",
"operator": {
"min_version": null,
"min_operator": null,
"max_version": "2.x.1",
"max_operator": "lt",
"unfixed": "0",
},
"source": [
{
"id": "CVE-0000-00001",
"name": "CVE-0000-00001",
"link": "https://www.cve.org/CVERecord?id=CVE-0000-00001",
"description": "This is an example of a vulnerability description.",
"date": "2003-05-27"
}
]
},
{
"name": "nginx 1.x < 1.x.2",
"operator": {
"min_version": null,
"min_operator": null,
"max_version": "2.x.2",
"max_operator": "le",
"unfixed": "0",
},
"source": [
{
"id": "CVE-0000-00002",
"name": "CVE-0000-00002",
"link": "https://www.cve.org/CVERecord?id=CVE-0000-00002",
"description": "This is an example of a vulnerability description.",
"date": "2003-05-28"
}
]
},
]
},
"updated": 1053993600
}
nginx JSON description
error
: If there is an error, the value will be 1. If there is no error, it will be 0.message
: In case of error, an information message will be displayed.data
: (object) Data information group.data -> name
: nginx version.data -> nginx
: nginx major version.data -> status
: (values) Information URL.m
: Maintaineds
: Security supportd
: Deprecated / Unmaintained
data -> date_start
: Date since the version was launched.data -> date_end
: Date when the version was deprecated / unmaintained.data -> vulnerability
: (array) Each of the plugin’s vulnerabilities.data -> vulnerability -> name
: Vulnerability name.data -> vulnerability -> operator
: (object) Vulnerability version calculation system. It is based on the PHP version_compare function.data -> vulnerability -> operator -> min_version
: Minimum version affected.data -> vulnerability -> operator -> min_operator
: Calculation operator.data -> vulnerability -> operator -> max_version
: Maximum version affected.data -> vulnerability -> operator -> max_operator
: Calculation operator.data -> vulnerability -> operator -> unfixed
: The vulnerability is unfixed.
data -> vulnerability -> source
: (array) List of vulnerabilities.data -> vulnerability -> source -> id
: Source unique identifier.data -> vulnerability -> source -> link
: Source vulnerability information.data -> vulnerability -> source -> description
: Source vulnerability description.data -> vulnerability -> source -> date
: Date of publication of the vulnerability.
update
: Last information update (UNIXTIME).
Important information
The nginx API has information since nginx 0.5, and also vulnerabilities that may apply to WordPress. This is not a nginx vulnerability database.