openapi: 3.0.3
info:
  title: Red Hat Security Data API
  description: >-
    The Red Hat Security Data API provides access to CVE (Common
    Vulnerabilities and Exposures) data, CSAF security advisories, and OVAL
    vulnerability assessment data for Red Hat Enterprise Linux and other Red
    Hat products. Returns data in JSON format for automated vulnerability
    management workflows.
  version: '1.0'
  contact:
    name: Red Hat Security
    url: https://access.redhat.com/security/
  termsOfService: https://www.redhat.com/en/about/terms-use
servers:
  - url: https://access.redhat.com/hydra/rest/securitydata
    description: Red Hat Security Data API
tags:
  - name: CVEs
    description: Common Vulnerabilities and Exposures data
  - name: Advisories
    description: Red Hat Security Advisories (CSAF/CVRF)
  - name: OVAL
    description: Open Vulnerability and Assessment Language data
paths:
  /cve.json:
    get:
      operationId: listCVEs
      summary: List CVEs
      description: >-
        Returns a list of recent CVEs affecting Red Hat products. Supports
        filtering by date range, severity, product, and CVE identifiers.
        Returns the first page of 1000 results by default.
      tags:
        - CVEs
      parameters:
        - name: before
          in: query
          description: Return CVEs before this date (YYYY-MM-DD)
          schema:
            type: string
            format: date
        - name: after
          in: query
          description: Return CVEs after this date (YYYY-MM-DD)
          schema:
            type: string
            format: date
        - name: product
          in: query
          description: Filter by Red Hat product name (e.g., "Red Hat Enterprise Linux 9")
          schema:
            type: string
        - name: severity
          in: query
          description: Filter by severity level
          schema:
            type: string
            enum: [Low, Moderate, Important, Critical]
        - name: per_page
          in: query
          description: Number of results per page (default 1000)
          schema:
            type: integer
            default: 1000
        - name: page
          in: query
          description: Page number for pagination
          schema:
            type: integer
            default: 1
      responses:
        '200':
          description: List of CVEs
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/CVESummary'
  /cve/{cveId}.json:
    get:
      operationId: getCVE
      summary: Get CVE
      description: >-
        Returns detailed information about a specific CVE including affected
        packages, release information, severity ratings, CVSS scores, and Red
        Hat impact statements.
      tags:
        - CVEs
      parameters:
        - name: cveId
          in: path
          required: true
          description: CVE identifier (e.g., CVE-2021-23358)
          schema:
            type: string
            example: CVE-2021-23358
      responses:
        '200':
          description: CVE detail
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CVEDetail'
        '404':
          description: CVE not found
  /cvrf/{advisoryId}.json:
    get:
      operationId: getAdvisory
      summary: Get Security Advisory
      description: >-
        Returns detailed information about a specific Red Hat Security
        Advisory (RHSA, RHBA, or RHEA) in CVRF format, including affected
        packages, CVE references, and fix information.
      tags:
        - Advisories
      parameters:
        - name: advisoryId
          in: path
          required: true
          description: Advisory identifier (e.g., RHSA-2021:2865)
          schema:
            type: string
            example: RHSA-2021:2865
      responses:
        '200':
          description: Advisory detail
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Advisory'
        '404':
          description: Advisory not found
  /oval/com.redhat.rhsa-RHEL{majorVersion}.xml.bz2:
    get:
      operationId: getOVALStream
      summary: Get OVAL Stream
      description: >-
        Returns the OVAL stream data for Red Hat Enterprise Linux assessment.
        Used by vulnerability scanners to assess RHEL system security posture.
      tags:
        - OVAL
      parameters:
        - name: majorVersion
          in: path
          required: true
          description: RHEL major version number (e.g., 9)
          schema:
            type: integer
            example: 9
      responses:
        '200':
          description: OVAL data stream
          content:
            application/octet-stream:
              schema:
                type: string
                format: binary
components:
  schemas:
    CVESummary:
      type: object
      description: Summary CVE record returned in list operations
      properties:
        CVE:
          type: string
          description: CVE identifier
          example: CVE-2021-23358
        severity:
          type: string
          description: Severity rating
          enum: [Low, Moderate, Important, Critical]
        public_date:
          type: string
          format: date-time
          description: Date the CVE was made public
        advisories:
          type: array
          items:
            type: string
          description: List of associated advisory IDs
        bugzilla:
          type: string
          description: Bugzilla ticket URL
        bugzilla_description:
          type: string
          description: Short description of the vulnerability
        cvss_score:
          type: number
          description: CVSS v2 base score
        cvss3_score:
          type: number
          description: CVSS v3 base score
        cwe:
          type: string
          description: CWE identifier
        affected_packages:
          type: array
          items:
            type: string
          description: List of affected package names
        resource_url:
          type: string
          format: uri
          description: URL for full CVE details
    CVEDetail:
      type: object
      description: Full CVE detail record
      properties:
        name:
          type: string
          description: CVE identifier
          example: CVE-2021-23358
        threat_severity:
          type: string
          description: Red Hat severity rating
          enum: [Low, Moderate, Important, Critical]
        public_date:
          type: string
          format: date-time
        bugzilla:
          type: object
          properties:
            description:
              type: string
            id:
              type: string
            url:
              type: string
              format: uri
        cvss:
          type: object
          properties:
            cvss_base_score:
              type: string
            cvss_scoring_vector:
              type: string
            status:
              type: string
        cvss3:
          type: object
          properties:
            cvss3_base_score:
              type: string
            cvss3_scoring_vector:
              type: string
            status:
              type: string
        cwe:
          type: string
        details:
          type: array
          items:
            type: string
          description: Detailed description of the vulnerability
        statement:
          type: string
          description: Red Hat impact statement
        affected_release:
          type: array
          description: Fixed package releases
          items:
            type: object
            properties:
              product_name:
                type: string
              release_date:
                type: string
                format: date-time
              advisory:
                type: string
              cpe:
                type: string
              package:
                type: string
        package_state:
          type: array
          description: Packages with no available fix
          items:
            type: object
            properties:
              product_name:
                type: string
              fix_state:
                type: string
                enum: [Affected, Will not fix, Fix deferred, Not affected, Out of support scope]
              package_name:
                type: string
              cpe:
                type: string
    Advisory:
      type: object
      description: Red Hat Security Advisory in CVRF format
      properties:
        DocumentTitle:
          type: string
          description: Title of the advisory
        DocumentType:
          type: string
          description: Type of advisory (Security Advisory, Bug Fix Advisory, Enhancement Advisory)
        DocumentPublisher:
          type: object
          properties:
            ContactDetails:
              type: string
            IssuingAuthority:
              type: string
        DocumentTracking:
          type: object
          properties:
            Identification:
              type: object
              properties:
                ID:
                  type: string
                  description: Advisory ID (e.g., RHSA-2021:2865)
            Status:
              type: string
            Version:
              type: string
            InitialReleaseDate:
              type: string
              format: date-time
            CurrentReleaseDate:
              type: string
              format: date-time
        CVE:
          type: array
          items:
            type: string
          description: CVE identifiers addressed by this advisory