openapi: 3.0.0 info: title: Ubuntu Security CVE API description: >- The Ubuntu Security CVE API provides programmatic access to Ubuntu's CVE (Common Vulnerabilities and Exposures) database. It enables querying security notices, CVE details, affected packages, and patch status across Ubuntu releases. version: "1.0.0" contact: name: Ubuntu Security Team url: https://ubuntu.com/security servers: - url: https://ubuntu.com/security description: Ubuntu Security API tags: - name: CVEs description: CVE security vulnerabilities - name: Notices description: Ubuntu Security Notices paths: /cves.json: get: operationId: listCves summary: List CVEs description: Returns a paginated list of CVEs affecting Ubuntu packages. tags: - CVEs parameters: - name: q in: query required: false schema: type: string description: Search query for CVE IDs or descriptions. - name: package in: query required: false schema: type: string description: Filter CVEs by affected package name. - name: priority in: query required: false schema: type: string enum: - critical - high - medium - low - negligible description: Filter by CVE priority level. - name: status in: query required: false schema: type: string description: Filter by fix status. - name: codename in: query required: false schema: type: string description: Filter by Ubuntu release codename (e.g., jammy, noble). - name: offset in: query required: false schema: type: integer default: 0 description: Pagination offset. - name: limit in: query required: false schema: type: integer default: 20 description: Number of CVEs to return per page. responses: '200': description: Paginated list of CVEs. content: application/json: schema: $ref: '#/components/schemas/CveListResponse' /cves/{cve_id}.json: get: operationId: getCve summary: Get CVE description: Returns detailed information about a specific CVE. tags: - CVEs parameters: - name: cve_id in: path required: true schema: type: string pattern: '^CVE-\d{4}-\d{4,}$' description: CVE identifier (e.g., CVE-2024-1234). responses: '200': description: CVE details. content: application/json: schema: $ref: '#/components/schemas/Cve' '404': description: CVE not found. /notices.json: get: operationId: listNotices summary: List Security Notices description: Returns Ubuntu Security Notices (USN) for published vulnerabilities. tags: - Notices parameters: - name: offset in: query required: false schema: type: integer default: 0 description: Pagination offset. - name: limit in: query required: false schema: type: integer default: 20 description: Number of notices to return. - name: release in: query required: false schema: type: string description: Filter notices by Ubuntu release codename. responses: '200': description: List of security notices. content: application/json: schema: $ref: '#/components/schemas/NoticeListResponse' /notices/{notice_id}.json: get: operationId: getNotice summary: Get Security Notice description: Returns details for a specific Ubuntu Security Notice. tags: - Notices parameters: - name: notice_id in: path required: true schema: type: string description: Ubuntu Security Notice ID (e.g., USN-6789-1). responses: '200': description: Security notice details. content: application/json: schema: $ref: '#/components/schemas/Notice' '404': description: Notice not found. components: schemas: CveListResponse: type: object properties: cves: type: array items: $ref: '#/components/schemas/Cve' offset: type: integer limit: type: integer total_results: type: integer Cve: type: object properties: id: type: string description: CVE identifier. published: type: string format: date-time description: Date the CVE was published. updated_at: type: string format: date-time description: Date the CVE was last updated. description: type: string description: Official CVE description. ubuntu_description: type: string description: Ubuntu-specific description. notes: type: string description: Additional notes about the CVE. priority: type: string enum: - critical - high - medium - low - negligible description: Ubuntu priority level for this CVE. cvss3: type: number description: CVSS v3 score. status: type: string description: Current fix status. mitigation: type: string description: Available mitigation steps. references: type: array items: type: string description: External references and links. packages: type: array items: $ref: '#/components/schemas/AffectedPackage' AffectedPackage: type: object properties: name: type: string description: Package name. source: type: string description: Source package name. statuses: type: array items: type: object properties: release_codename: type: string status: type: string description: type: string NoticeListResponse: type: object properties: notices: type: array items: $ref: '#/components/schemas/Notice' offset: type: integer limit: type: integer total_results: type: integer Notice: type: object properties: id: type: string description: Ubuntu Security Notice identifier. title: type: string description: Notice title. summary: type: string description: Summary of the vulnerability. description: type: string description: Full description. published: type: string format: date-time description: Publication date. cves: type: array items: type: string description: List of CVE IDs addressed by this notice. packages: type: array items: type: object properties: name: type: string version: type: string release: type: string