Pricing
from $24.38 / 1,000 results
CIRCL CVE Search Scraper
Scrape CVE vulnerability records from CIRCL CVE Search. Fetch the latest CVEs, look up by ID, browse vendor products, or list every CVE for a vendor/product. Returns CVSS, CWE, CPEs, references, CAPEC, and impact metrics.
Pricing
from $24.38 / 1,000 results
Rating
0.0
(0)
Developer
Actor stats
0
Bookmarked
2
Total users
1
Monthly active users
a month ago
Last modified
Categories
Share
๐ฌ CIRCL CVE Scraper
๐ Export the CIRCL Luxembourg CVE search catalogue in seconds. Pull latest CVEs, single CVE detail, vendor and product browse, plus the full CWE catalogue and CAPEC pattern catalogue. No sign-up, no token, no manual pagination.
๐ Last updated: 2026-05-15 ยท ๐ 24 fields per record ยท ๐ฌ 240,000+ CVEs ยท ๐ข 25,000+ vendors ยท ๐งฌ 1,000+ CWE entries ยท 600+ CAPEC patterns
The CIRCL CVE Scraper pulls vulnerabilities, weakness catalogues, and attack patterns from the CIRCL Luxembourg CVE search catalogue and returns 24 normalised fields per CVE record, including the CVE identifier, summary, publication and modification timestamps, CVSS v4 / v3 / v2 base scores, CWE list, CAPEC patterns, references, vulnerable configurations, and provider metadata. The catalogue is maintained by the Computer Incident Response Center Luxembourg, a national CERT, and is one of the most widely used open mirrors of the global CVE list with extra cross-references that the upstream sources do not provide in a single place.
The catalogue covers 240,000+ CVEs spanning every published year, 25,000+ vendor slugs, the full Common Weakness Enumeration list, and 600+ Common Attack Pattern Enumeration entries. This Actor makes that data downloadable as CSV, Excel, JSON, or XML in minutes. Eight modes cover everything from latest-published feeds to vendor-product browse to CWE-CAPEC mapping.
| ๐ฏ Target Audience | ๐ก Primary Use Cases |
|---|---|
| Security teams, threat researchers, vulnerability managers, vendor risk analysts, DevSecOps engineers, security tool builders, ML researchers | Cross-reference CVE / CWE / CAPEC, vendor risk research, latest-CVE feeds, attack-pattern mapping, training datasets, complementing NVD with extra metadata |
๐ What the CIRCL CVE Scraper does
Eight workflows in a single Actor:
- ๐ Latest published CVEs. Pull the N most recently published vulnerabilities.
- ๐ Single CVE by ID. Look up one CVE detail page (e.g.
CVE-2021-44228). - ๐ฆ Batch CVE lookup. Pass an array of CVE IDs and get every match in one run.
- ๐ข Browse vendor. List every product known under a vendor slug like
apacheormicrosoft. - ๐ Search vendor + product. Return every CVE for a vendor / product pair (e.g.
apache/log4j). - ๐ข๏ธ DB info. Get the last database update timestamp for cache invalidation.
- ๐งฌ CWE catalogue. List every Common Weakness Enumeration entry.
- ๐ฏ CAPEC patterns for a CWE. Map a CWE to its related CAPEC attack patterns.
- ๐ท๏ธ Vendors index. List every vendor slug known to CIRCL.
Each CVE record includes the identifier, summary, state, assigner CNA, publication and modification timestamps, CVSS v4 / v3 / v2 base scores and severities, CWE list, CAPEC patterns, references, vulnerable configurations, vulnerable products, impact and access metrics, and provider metadata.
๐ก Why it matters: the upstream CVE feeds are split across NVD, MITRE, and dozens of CNAs. CIRCL aggregates them with extra cross-references like CWE-to-CAPEC mapping that no single source exposes. Building your own cross-walk means engineering a multi-source pipeline. This Actor skips all of that.
๐ฌ Full Demo
๐ง Coming soon: a 3-minute walkthrough showing how to go from sign-up to a downloaded CVE dataset.
โ๏ธ Input
| Input | Type | Default | Behavior |
|---|---|---|---|
| mode | enum | "latest" | One of latest, byId, browseVendor, searchProduct, dbInfo, cwe, capec, vendor. |
| cveId | string | "" | Single CVE ID for byId. Also used as the CWE numeric ID for capec mode. |
| cveIds | string[] | [] | Batch CVE IDs for byId mode (recommended max ~100 per run). |
| vendor | string | "" | Lowercase vendor slug for browseVendor and searchProduct (e.g. apache, microsoft). |
| product | string | "" | Lowercase product slug for searchProduct (e.g. log4j, tomcat). |
| count | integer | 100 | Number of latest CVEs to fetch in latest mode (max 1,000). |
| maxItems | integer | 10 | Records to return. Free plan caps at 10, paid plan at 1,000,000. |
Example: latest 50 CVEs published.
Example: every CVE for Apache Log4j.
โ ๏ธ Good to Know: vendor and product slugs are lowercase and follow CIRCL conventions (e.g.
microsoft/windows_10, notMicrosoft/Windows 10). Use mode=vendor first to discover available slugs.
๐ Output
Each CVE record contains 24 fields. Download the dataset as CSV, Excel, JSON, or XML.
๐งพ Schema
| Field | Type | Example |
|---|---|---|
๐ cveId | string | "CVE-2021-44228" |
๐ url | string | "https://cve.circl.lu/cve/CVE-2021-44228" |
๐ท๏ธ title | string | null | "Apache Log4j2 Remote Code Execution" |
๐ summary | string | null | "Apache Log4j2 2.0-beta9 through 2.15.0..." |
๐ฆ state | string | null | "PUBLISHED" |
๐ข assigner | string | null | "GitHub_M" |
๐
published | ISO 8601 | null | "2021-12-10T10:15:09Z" |
๐ modified | ISO 8601 | null | "2025-04-03T01:03:51Z" |
๐ last_modified | ISO 8601 | null | "2025-04-03T01:03:51Z" |
๐ฏ cvss | number | null | 10.0 |
๐ฏ cvss3 | number | null | 10.0 |
๐ฏ cvss4 | number | null | 10.0 |
๐ฆ severity | string | null | "CRITICAL" |
๐งฌ cwe | string[] | ["CWE-20", "CWE-400", "CWE-502"] |
๐ references | string[] | ["https://logging.apache.org/log4j/2.x/security.html", "..."] |
๐งฑ vulnerable_configuration | string[] | ["cpe:2.3:a:apache:log4j:2.0:*:*:*:*:*:*:*"] |
๐ฆ vulnerable_product | string[] | ["cpe:2.3:a:apache:log4j:*"] |
๐ฏ capec | string[] | ["CAPEC-242"] |
๐ฅ impact | object | { "confidentiality": "HIGH", "integrity": "HIGH", "availability": "HIGH" } |
๐ access | object | { "vector": "NETWORK", "complexity": "LOW", "authentication": "NONE" } |
๐ฆ affected | object[] | [{ "vendor": "apache", "product": "log4j", "versions": [...] }] |
๐ฏ metrics | object[] | [{ "version": "3.1", "baseScore": 10.0, "baseSeverity": "CRITICAL" }] |
๐ข๏ธ dataVersion | string | null | "5.1" |
๐ scrapedAt | ISO 8601 | "2026-05-15T00:00:00.000Z" |
๐ฆ Sample record
โจ Why choose this Actor
| Capability | |
|---|---|
| ๐ฌ | Authoritative source. Pulls directly from the CIRCL Luxembourg CVE search catalogue, a national CERT-maintained mirror. |
| ๐ฏ | Multi-version CVSS. v4, v3.1, v3.0, and v2 base scores plus vector strings, all normalised. |
| ๐งฌ | CWE + CAPEC. Cross-walk a CVE to its weaknesses and from those to attack patterns. |
| ๐ข | Vendor + product browse. Discover every product CIRCL knows for a vendor and every CVE for the pair. |
| ๐ | Latest feed. Daily-fresh list of the most recently published CVEs in one call. |
| ๐ข๏ธ | DB info. Surface the last update timestamp for cache control. |
| ๐ซ | No sign-up. Works with public vulnerability data. No login or token needed. |
๐ CIRCL aggregates CVE data with cross-references no single upstream source exposes. Owning a clean local copy is a multiplier for every research and prioritisation workflow.
๐ How it compares to alternatives
| Approach | Cost | Coverage | Refresh | Modes | Setup |
|---|---|---|---|---|---|
| โญ CIRCL CVE Scraper (this Actor) | $5 free credit, then pay-per-use | 240,000+ CVEs | Live per run | 8 modes incl. CWE / CAPEC | โก 2 min |
| Commercial threat-intel platforms | $10,000+/year | Curated subset | Streaming | Many | โณ Days |
| Direct upstream feeds | Free | Single source | Variable | Limited | ๐ ๏ธ Hours |
| Self-built ingestion | Engineering time | Full | Custom | Custom | ๐ข Weeks |
Pick this Actor when you want the CIRCL aggregate with vendor browse and CWE-CAPEC cross-walks ready to go.
๐ How to use
- ๐ Sign up. Create a free account with $5 credit (takes 2 minutes).
- ๐ Open the Actor. Go to the CIRCL CVE Scraper page on the Apify Store.
- ๐ฏ Set input. Pick a mode (latest / byId / vendor / product / cwe / capec), then set
maxItems. - ๐ Run it. Click Start and let the Actor collect your data.
- ๐ฅ Download. Grab your results in the Dataset tab as CSV, Excel, JSON, or XML.
โฑ๏ธ Total time from signup to downloaded dataset: 3-5 minutes. No coding required.
๐ผ Business use cases
๐ก๏ธ Vulnerability Management
|
๐ Threat Intelligence & Research
|
๐งฌ Security Tooling
|
๐ Reporting & Compliance
|
๐ Automating CIRCL CVE Scraper
Control the scraper programmatically for scheduled runs and pipeline integrations:
- ๐ข Node.js. Install the
apify-clientNPM package. - ๐ Python. Use the
apify-clientPyPI package. - ๐ See the Apify documentation for full details.
The Apify Schedules feature lets you trigger this Actor on any cron interval. Hourly, daily, or weekly refreshes keep your downstream vulnerability database in sync automatically.
๐ Beyond business use cases
Data like this powers more than commercial workflows. The same structured records support research, education, civic projects, and personal initiatives.
๐ Research and academia
|
๐จ Personal and creative
|
๐ค Non-profit and civic
|
๐งช Experimentation
|
๐ค Ask an AI assistant about this scraper
Open a ready-to-send prompt about this ParseForge actor in the AI of your choice:
- ๐ฌ ChatGPT
- ๐ง Claude
- ๐ Perplexity
- ๐ Copilot
โ Frequently Asked Questions
๐งฉ What is CIRCL?
CIRCL (Computer Incident Response Center Luxembourg) is the national CERT for the private and non-governmental sector in Luxembourg. They operate the cve.circl.lu catalogue, a widely used open mirror of the global CVE list with extra cross-references.
๐ How is this different from the NIST NVD scraper?
CIRCL aggregates CVE data with extra cross-references like CWE-to-CAPEC mapping, vendor / product browse, and a full CWE catalogue mode. NIST NVD is the canonical U.S. source. Many teams use both: NVD for authoritative CVSS scoring, CIRCL for cross-walks and discovery.
๐ฏ Which CVSS versions are included?
All four. The Actor surfaces CVSS v4.0, v3.1, v3.0, and v2 base scores plus vector strings whenever the source provides them.
๐งฌ What is CWE?
CWE (Common Weakness Enumeration) is the standard taxonomy of software weaknesses. Use mode=cwe to dump the full catalogue.
๐ฏ What is CAPEC?
CAPEC (Common Attack Pattern Enumeration and Classification) catalogues attacker techniques. Use mode=capec with a CWE numeric ID in the cveId field to surface attack patterns related to that weakness.
๐ How often is the dataset refreshed?
CIRCL refreshes from upstream sources continuously. Use mode=dbInfo to read the last update timestamp for cache invalidation.
๐ข How do I find vendor and product slugs?
Use mode=vendor to list every vendor known to CIRCL, then mode=browseVendor with the vendor slug to list its products. Slugs are lowercase and use underscores.
โฐ Can I schedule regular runs?
Yes. Use Apify Schedules to run this Actor on any cron interval. A common pattern is an hourly schedule on mode=latest to keep a downstream CVE feed fresh.
โ๏ธ Is this data legal to use?
CIRCL publishes the catalogue under permissive open licensing for non-commercial and commercial use. You should review the source terms for your specific application.
๐ณ Do I need a paid Apify plan to use this Actor?
No. The free Apify plan is enough for testing and small runs (10 records per run). A paid plan lifts the limit and gives you scheduling, higher concurrency, and larger datasets.
๐ What if I need help?
Our support team is here to help. Contact us through the Apify platform or use the Tally form linked below.
๐ Integrate with any app
CIRCL CVE Scraper connects to any cloud service via Apify integrations:
- Make - Automate multi-step workflows
- Zapier - Connect with 5,000+ apps
- Slack - Get CVE alerts in your security channels
- Airbyte - Pipe CVE data into your warehouse
- GitHub - Trigger runs from commits and releases
- Google Drive - Export datasets straight to Sheets
You can also use webhooks to trigger downstream actions when a run finishes. Push fresh CVE data into your ticketing system, or alert your team in Slack when a vendor you track gets a new disclosure.
๐ Recommended Actors
- ๐ก๏ธ NIST NVD CVE Scraper - Official NVD catalogue with CVSS v4/v3/v2 scores
- ๐จ CISA KEV Scraper - Known Exploited Vulnerabilities catalogue with due dates
- ๐ EPSS Exploit Prediction Scraper - 30-day exploitation probability scores
- ๐ GitHub Security Advisories Scraper - GHSA + CVE advisories with patched versions
- ๐ฆ OSV Vulnerabilities Scraper - Open source vulnerabilities across 30+ ecosystems
๐ก Pro Tip: browse the complete ParseForge collection for more security and reference-data scrapers.
๐ Need Help? Open our contact form to request a new scraper, propose a custom data project, or report an issue.
โ ๏ธ Disclaimer: this Actor is an independent tool and is not affiliated with, endorsed by, or sponsored by CIRCL Luxembourg, MITRE, or any of the CNAs that contribute to the CVE catalogue. All trademarks mentioned are the property of their respective owners. Only publicly available vulnerability data is collected.
