Feed syndication (RSS / Atom)

Vulnerability-Lookup exposes RSS and Atom feeds for new vulnerabilities, sightings, comments, bundles, and individual user activity. Feeds are designed for low-volume, human-facing consumers — RSS readers, chat-room bots, alert pipes, dashboards — where a small set of recent items is enough.

Tip

Building a mirror, scanner, or other large-scale automated consumer? Feeds are not the right tool — paginated history is capped per feed. See Access patterns for automated consumers for the canonical sync path (since= over the API, plus the pub/sub stream where the operator enables it).

Available endpoints

| Path | Purpose |
|---|---|
| /recent/{source}.{format} | Recent vulnerabilities, per source or across all sources. Optional ?vendor={vendor-id} filters by vendor; optional ?vulnerability={vuln-id} returns vulnerabilities linked to the given one. |
| /sightings/feed.{format} | Recent sightings (across all vulnerabilities). Optional ?vulnerability={vuln-id} narrows to a single vulnerability. |
| /sightings/cpesearch/{cpe}/feed.{format} | Recent sightings for any vulnerability affecting the given CPE. |
| /comments/feed.{format} | Recent comments. Optional ?user={login} narrows to one author. |
| /bundles/feed.{format} | Recent bundles. Optional ?user={login} narrows to one author. |
| /user/{login}.{format} | Recent activity (sightings, comments, bundles) for a given user. |

{format}

Either rss or atom. Both contain the same items; pick whichever your reader prefers.

{source}

Either all, or any source identifier configured on this instance. The authoritative list for a given deployment is exposed on /about and on https://www.vulnerability-lookup.org/sources. Common identifiers shipped by default include:

  • Core: cvelistv5, nvd, fkie_nvd, github, pysec, gsd, vulnrichment

  • Community & national databases: jvndb, cnvd, fstec, variot, tailscale, bitnami_vulndb, cleanstart, drupal, ossf_malicious_packages, emb3d

  • CERT-FR: certfr_avis, certfr_alerte

  • CSAF providers: csaf_abb, csaf_certbund, csaf_cisa, csaf_cisco, csaf_microsoft, csaf_ncscnl, csaf_nozominetworks, csaf_opensuse, csaf_ox, csaf_redhat, csaf_se, csaf_sick, csaf_siemens, csaf_suse, csaf_trustsource

  • OSV: osv_almalinux, osv_haskell, osv_ocaml, osv_ossfuzz, osv_rustsec

  • Enrichment: cwec, capec

Pagination

Feeds accept page and per_page query parameters. The default page size is set per instance via FEED_MAX_PER_PAGE in config/website.py. Most readers don’t paginate, so the default is sized for one page of recent items.

Examples

Subscribing to recent vulnerabilities

All sources, Atom format:

$ curl https://vulnerability.circl.lu/recent/all.atom

A single source:

$ curl https://vulnerability.circl.lu/recent/pysec.atom

Filtering recent vulnerabilities

By vendor:

$ curl 'https://vulnerability.circl.lu/recent/cvelistv5.atom?vendor=MISP&per_page=2&page=8'

Vulnerabilities linked to a specific vulnerability (e.g. cross-source correlation, follow-ups):

$ curl 'https://vulnerability.circl.lu/recent/all.atom?vulnerability=cve-2021-22280'

Sample response:

<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/rss/recent/all/10</id>
  <title>Most recent entries from all</title>
  <updated>2024-11-26T08:03:09.000211+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <subtitle>Contains only the most 10 recent entries.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/vuln/ghsa-x53h-2cjp-mwcx</id>
    <title>ghsa-x53h-2cjp-mwcx</title>
    <updated>2024-11-26T08:03:09.013675+00:00</updated>
    <link href="https://vulnerability.circl.lu/vuln/ghsa-x53h-2cjp-mwcx"/>
  </entry>
  <!-- ... -->
</feed>
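
An added example, not part of the Vulnerability-Lookup documentation or code base: a small alert-pipe consumer that parses an Atom response like the one above, refuses feeds carrying a DTD, drops entries whose link leaves the expected instance, and returns only entries it has not reported before. The function names, the host check and the second sample entry are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET
from datetime import datetime
from urllib.parse import urlsplit

ATOM = "{http://www.w3.org/2005/Atom}"

# Constructed sample: first entry is from the sample response, second is made up.
SAMPLE = b"""<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <entry>
    <id>https://vulnerability.circl.lu/vuln/ghsa-x53h-2cjp-mwcx</id>
    <title>ghsa-x53h-2cjp-mwcx</title>
    <updated>2024-11-26T08:03:09.013675+00:00</updated>
    <link href="https://vulnerability.circl.lu/vuln/ghsa-x53h-2cjp-mwcx"/>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/vuln/constructed-0001</id>
    <title>constructed-0001</title>
    <updated>2024-11-26T07:00:00+00:00</updated>
    <link href="https://other.example/vuln/constructed-0001"/>
  </entry>
</feed>"""

def parse_entries(atom_bytes, instance_host):
    """Parse an Atom feed; keep entries whose https link stays on instance_host."""
    if b"<!DOCTYPE" in atom_bytes or b"<!ENTITY" in atom_bytes:
        raise ValueError("feed contains a DTD; refusing to parse")
    entries = []
    for e in ET.fromstring(atom_bytes).iter(ATOM + "entry"):
        link = e.find(ATOM + "link")
        href = link.get("href", "") if link is not None else ""
        updated = e.findtext(ATOM + "updated")
        parts = urlsplit(href)
        if parts.scheme != "https" or parts.hostname != instance_host or not updated:
            continue  # never forward off-instance or incomplete entries
        entries.append({
            "id": e.findtext(ATOM + "id", ""),
            "title": e.findtext(ATOM + "title", ""),
            "updated": datetime.fromisoformat(updated),
            "link": href,
        })
    return entries

def unseen(entries, seen_ids):
    """Return entries not yet reported, oldest first; seen_ids is updated in place."""
    fresh = [x for x in entries if x["id"] not in seen_ids]
    seen_ids.update(x["id"] for x in fresh)
    return sorted(fresh, key=lambda x: x["updated"])
```

Persist `seen_ids` between polls so that a restart does not re-send every item on the current page.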

Subscribing to sightings

For a specific vulnerability:

$ curl 'https://vulnerability.circl.lu/sightings/feed.atom?vulnerability=CVE-2024-0012'

For every vulnerability affecting a product (CPE):

$ curl 'https://vulnerability.circl.lu/sightings/cpesearch/cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:*/feed.atom'

Sightings are aggregated from various trusted sources, including security websites, Exploit-DB, GitHub repositories, security blogs, social networks, and MISP.

Subscribing to comments, bundles, or user activity

Recent comments across the instance:

$ curl https://vulnerability.circl.lu/comments/feed.atom

Comments by a single user:

$ curl 'https://vulnerability.circl.lu/comments/feed.atom?user=alice'

Recent activity for a single user (sightings + comments + bundles in one feed):

$ curl https://vulnerability.circl.lu/user/alice.atom

See also

  • API v1 — paginated, programmatic access including since=-based incremental sync, cross-source correlation, and the full OpenAPI specification.

  • Access patterns for automated consumers — authoritative guidance on which surface to use for which use case (feeds vs. API vs. stream vs. bulk dumps), identification etiquette, and rate-limit posture.