Bulk CVE Lookup
bulk_cve_lookupBatch query up to 50 CVEs in a single request to retrieve full CVE details for dependency audits and bulk vulnerability enrichment.
Instructions
Batch query multiple CVEs (up to 50 per call, same for Free and Pro): retrieve full CVE details for all in 1 request instead of N. By default each CVE's affected_products is truncated to the first 20 entries (total_products reports honest count) and references to the first 10 (total_references reports honest count); pass include_affected_products=true / include_full_references=true to return full lists. Pass include_reference_tags=true to receive references_full=[{url, tags, source}] per CVE in the batch. Pass include_severity_breakdown=true to receive severity_sources/consensus/disagreement per CVE. Use for dependency audits or bulk vulnerability enrichment; use cve_lookup for single CVE. Each successful item carries next_calls — chain with kev_detail (when kev.in_kev=true), cwe_lookup (when cwe_id is present), or exploit_lookup. Free: 30/hr (1 per item), Pro: 500/hr. Returns {results, total, successful, failed, timed_out, partial, summary}.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| cve_ids | Yes | List of CVE identifiers in format CVE-YYYY-NNNNN (e.g. ['CVE-2024-3094', 'CVE-2021-44228', 'CVE-2023-44487']). Maximum 50 per request (same cap for Free and Pro). | |
| include_reference_tags | No | Return structured references_full per CVE in the batch [{url, tags, source}]. Same shape as cve_lookup (default: True). Activates tag-first patch detection per item. Set False for legacy clients. | |
| include_full_references | No | Return the full references list for each CVE in the batch (default: True). total_references is always emitted. Set False to truncate each item to first 10 entries when payload-bound. | |
| include_affected_products | No | Return the full affected_products list for each CVE in the batch (default: False, each CVE returns first 20). Set True for bulk dependency audits. | |
| include_severity_breakdown | No | Return severity_sources/consensus/disagreement per CVE in batch. Same shape as cve_lookup (default: True). cvss_v2 and cvss_v2_vector are always emitted (additive non-opt-in). Set False to skip if downstream cannot tolerate the extra fields. |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |