What this endpoint does

This endpoint searches for vulnerabilities matching specified filter criteria, returning paginated results with optional enrichment fields. It supports vulnerability-specific filters including CVSS v2 and v3 score ranges (e.g., [9.0, 10.0] for critical vulnerabilities), Recorded Future risk score ranges, risk rules from the Vulnerability Risk Rules endpoint (e.g., recentMalwareActivity for actively exploited CVEs), and CPE identifiers for affected products. Combine filters for targeted vulnerability prioritization — for example, pairing a high CVSS v3 range with an active exploitation risk rule identifies the most urgent vulnerabilities. Results are paginated with a maximum of 1,000 per page and a 10,000-result total window. For single-CVE enrichment, use the Vulnerability Lookup endpoint instead; for bulk CVE lists filtered by risk rule, use the Vulnerability Risk List endpoint.

Response data

The response contains a data.results array of vulnerability objects, each including the enrichment fields specified by the fields parameter (consult the Enrichment Field Attributes reference for available fields). A counts object provides returned (results in the current page) and total (total matching results up to the 10,000 window). Each result includes at minimum the entity object with the CVE identifier, internal RF ID, entity type, and NVD description. Adding risk provides the risk score, criticality label, and evidence details per triggered rule; adding aiInsights provides an AI-generated triage summary.