Discover/Ptsecurity API
live

Ptsecurity APIdbugs.ptsecurity.com

Access CVE details, CVSS scores, researcher leaderboards, and trending vulnerability data from Positive Technologies' dbugs database via 5 structured endpoints.

Endpoint health
verified 4d ago
list_vulnerabilities
get_trends
list_researchers
get_vulnerability_detail
get_researcher_profile
5/5 passing latest checkself-healing
Endpoints
5
Updated
26d ago

What is the Ptsecurity API?

The dbugs (Positive Technologies) API exposes 5 endpoints covering vulnerability listings, full detail records, trending threats, and security researcher profiles. The list_vulnerabilities endpoint lets you search across the entire PT vulnerability database by keyword, CVE ID, or vulnerability class, returning severity scores, affected vendors and products, and fix and exploit availability for each result.

Try it
Full-text search query (e.g., 'chrome', 'CVE-2026-1731', 'privilege escalation')
Page number for pagination (1-based)
Number of results per page (max observed: 100)
api.parse.bot/scraper/d798a609-8999-4eb7-add4-060fbb383313/<endpoint>
Ready to send
Fill in the parameters and hit sign in to send to see live response data here.
Call it over HTTPgrab a free API key at signup
curl -X POST 'https://api.parse.bot/scraper/d798a609-8999-4eb7-add4-060fbb383313/list_vulnerabilities' \
  -H 'X-API-Key: $PARSE_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
  "fts": "nginx",
  "page": "1",
  "limit": "5"
}'
Python SDK · recommended

Typed, relational, agent-ready

A generated client with real types, enums, and the links between objects — the structure a flat JSON response can't carry. Autocompletes in your editor and reads cleanly to coding agents.

  • Fully typed · autocompletes
  • Objects link to objects
  • Typed errors & pagination

Typed Python client. Set up the SDK in your uv project, then pull this API’s typed client:

uv add parse-sdk
uv run parse init
uv run parse add --marketplace dbugs-ptsecurity-com-api

uv run parse add --marketplace pulls a pinned snapshot of this canonical API — it won’t change underneath you. To customize it, subscribe and swap to your own copy.

from parse_apis.dbugs_vulnerability_database_api import Dbugs, Severity

dbugs = Dbugs()

# Search for critical nginx vulnerabilities
for vuln in dbugs.vulnerabilities.search(fts="nginx", limit=5):
    print(vuln.vulner_id, vuln.cve_id, vuln.max_severity, vuln.has_fix)

# Get full details on a specific vulnerability
detail = dbugs.vulnerabilities.get(vulner_id="PT-2026-40681")
print(detail.vulner_id, detail.cve_id, detail.max_score, detail.impacts)

# Browse trending vulnerabilities
for trend in dbugs.trendingvulnerabilities.list(limit=3):
    print(trend.lvl, trend.posts_count, trend.vulnerability.cve_id)

# List top researchers
for researcher in dbugs.researchers.list(limit=5):
    print(researcher.place, researcher.name, researcher.vulner_count, researcher.vulner_rating)

# Get a specific researcher's vulnerabilities
r = dbugs.researchers.get(name="Mat Powell")
print(r.name, r.company, r.vulner_average_rating)
for rv in r.vulnerabilities.list(limit=3):
    print(rv.vulner_id, rv.cve_id, rv.max_score, rv.impacts)
All endpoints · 5 totalmissing one? ·

Full-text search over the vulnerability catalog. Returns paginated summaries with CVE IDs, severity scores, affected vendors/products, and fix/exploit status. Pagination via integer page counter; each page returns up to `limit` items. Without `fts`, returns the most recently added vulnerabilities.

Input
ParamTypeDescription
ftsstringFull-text search query (e.g., 'chrome', 'CVE-2026-1731', 'privilege escalation')
pageintegerPage number for pagination (1-based)
limitintegerNumber of results per page (max observed: 100)
Response
{
  "type": "object",
  "fields": {
    "rows": "array of vulnerability summary objects containing vulner_id, cve_id, max_score, max_severity, vendors, products, has_fix, has_exploits, created, updated",
    "count": "integer total number of matching vulnerabilities"
  },
  "sample": {
    "data": {
      "rows": [
        {
          "cve_id": "CVE-2026-53463",
          "created": "2026-06-10",
          "has_fix": true,
          "updated": "2026-06-10",
          "vendors": [
            "Imagemagick"
          ],
          "products": [
            "Imagemagick"
          ],
          "max_score": 4.3,
          "metrics_3": [
            "AV:N",
            "AC:L",
            "PR:N",
            "UI:R",
            "S:U",
            "C:N",
            "I:N",
            "A:L"
          ],
          "vulner_id": "PT-2026-48572",
          "related_ids": [
            "CVE-2026-53463"
          ],
          "researchers": [],
          "has_exploits": false,
          "max_severity": "MEDIUM",
          "priority_vendor": "Imagemagick",
          "priority_product": "Imagemagick"
        }
      ],
      "count": 379808
    },
    "status": "success"
  }
}

About the Ptsecurity API

Vulnerability Search and Detail

The list_vulnerabilities endpoint accepts a fts parameter for full-text search — valid inputs include product names like chrome, identifiers like CVE-2026-1731, or descriptive terms like privilege escalation. Each result row returns vulner_id, cve_id, max_score, max_severity, vendors, products, has_fix, and has_expl. Pagination is controlled by page and limit. To retrieve the full record for any entry, pass its vulner_id to get_vulnerability_detail, which returns CVSS vectors grouped by source and locale, multi-locale descriptions, external references with ref_url and domain, credited researchers, and the highest max_score.

Trending Vulnerabilities and Social Signals

The get_trends endpoint returns vulnerabilities currently receiving elevated attention, with each row including twitter_timeline, posts_count, and last_tweets alongside the standard vulnerability fields. This makes it straightforward to surface threats generating active security community discussion without manually monitoring social feeds.

Researcher Leaderboards and Profiles

The list_researchers endpoint returns a ranked list of security researchers ordered by vulner_rating. Each row includes place, name, company, vulner_count, and vulner_average_rating. To view an individual researcher's attributed discoveries, pass their name to get_researcher_profile, which returns both the researcher object and a paginated array of their reported vulnerabilities including vulner_id, cve_id, max_score, max_severity, locales, and impacts.

Reliability & maintenanceVerified

The Ptsecurity API is a managed, monitored endpoint for dbugs.ptsecurity.com — not a raw scraper you maintain. Every endpoint is automatically health-checked on a schedule, and when dbugs.ptsecurity.com changes and a check fails, the API is automatically queued for repair and re-verified. It is built to keep working as the site underneath it changes.

This isn't an official dbugs.ptsecurity.com API — it's an independent, maintained REST wrapper over public data. Where the source has no official API (or only a limited one), Parse gives you a stable contract over a source that never promised one, and keeps it current. Need a new endpoint or field? You can revise it yourself in plain English and the agent rebuilds it against the live site in minutes — contributing the change back to the shared API is free.

Last verified
4d ago
Latest check
5/5 endpoints passing
Maintenance
Monitored & self-healing
Will this API break when the source site changes?+
It's built not to. Every endpoint is health-checked on a schedule with automated test probes. When the source site changes and a check fails, the API is automatically queued for repair and re-verified — that's the self-healing layer. Each API page shows when its endpoints were last verified. And because marketplace APIs are shared, any fix reaches everyone using it.
Is this an official API from the source site?+
No — Parse APIs are independent, managed REST wrappers over publicly available data. That is the point: where a site has no official API (or only a limited one), Parse gives you a maintained, monitored endpoint for that data and keeps it working as the site changes — so you get a stable contract over a source that never promised one.
Can I fix or extend this API myself if I need a new endpoint or field?+
Yes — and you don't have to wait on us. This API was generated by the Parse agent, which stays attached. Describe the change in plain English ("add an endpoint that returns reviews", "fix the price field") in the revise box on the API page or via the revise_api MCP tool, and the agent rebuilds it against the live site in minutes. Contributing the change back to the public API is free.
What happens if I call an endpoint that has an issue?+
Errors are machine-readable: a bad call returns a clean status with the list of available endpoints and a repair hint, so an agent (or you) can recover or trigger a fix instead of failing silently. Confirmed failures feed the automatic repair queue.
Common use cases
  • Monitor newly disclosed critical or high-severity vulnerabilities affecting a specific vendor using list_vulnerabilities with an fts search.
  • Pull full CVSS vector data and multi-locale descriptions for a known PT or CVE ID to feed into an internal vulnerability management system.
  • Track trending threats by social media post volume using get_trends to prioritize patching queues.
  • Build a researcher attribution feed by querying get_researcher_profile for credited discoverers of specific vulnerabilities.
  • Rank external security researchers by vulner_rating via list_researchers for bug bounty program benchmarking.
  • Check has_expl and has_fix flags from list_vulnerabilities to filter exploitable-but-unpatched issues for immediate triage.
  • Aggregate last_tweets data from trending vulnerabilities to correlate social discussion spikes with disclosure timelines.
Pricing & limitsSee full pricing →
TierPriceCredits/monthRate limit
Free$0/mo1005 req/min
Hobby$30/mo1,00020 req/min
Developer$100/mo5,000100 req/min

One credit = one API call regardless of which marketplace API you call. Exceeding the rate limit returns a 429 response. Authenticate with the X-API-Key header.

Frequently asked questions
Does dbugs.ptsecurity.com have an official public developer API?+
Positive Technologies does not publish a documented public REST API for the dbugs vulnerability database. The data is presented through their web interface at dbugs.ptsecurity.com without an officially documented developer integration layer.
What does `get_vulnerability_detail` return beyond what `list_vulnerabilities` provides?+
list_vulnerabilities returns summary fields: vulner_id, cve_id, max_score, max_severity, vendors, products, has_fix, and has_expl. get_vulnerability_detail adds CVSS vectors grouped by source and locale, full multi-locale locales descriptions, an array of external references with ref_url and domain, and the researchers array crediting the discoverers.
Does the API expose vulnerability patch notes, vendor advisories, or changelog history?+
Not currently. The API covers external references via ref_url fields in the references array, but structured patch notes, vendor advisory text, or version-level changelog history are not returned as distinct fields. You can fork the API on Parse and revise it to add an endpoint targeting advisory-specific data.
Are there any limitations on what the researcher profile endpoint can return?+
The get_researcher_profile endpoint requires the researcher's name exactly as it appears in list_researchers results. The vulnerabilities list within the profile is paginated using page and limit. Researchers not present in the leaderboard — for example, those with no rated discoveries in the PT database — will not have retrievable profiles.
Does the API cover NVD or MITRE CVE data separately from PT's own identifiers?+
Not as standalone endpoints. The API returns cve_id fields alongside PT's own vulner_id identifiers, and CVSS data is grouped by source within get_vulnerability_detail. There are no dedicated endpoints for querying NVD or MITRE records directly. You can fork the API on Parse and revise it to add an endpoint that cross-references NVD identifiers.
Page content last updated . Spec covers 5 endpoints from dbugs.ptsecurity.com.
Related APIs in Developer ToolsSee all →
alienvault.com API
Search and analyze global threat intelligence data including indicators of compromise, threat pulses, and adversary profiles from the Open Threat Exchange community. Monitor recent security alerts and access detailed information about threats and adversaries to strengthen your cybersecurity defenses.
fa.omron.co.jp API
Access Omron Industrial Automation security advisories and CVE data. Search advisories by product or keyword, retrieve detailed advisory information by OMSR ID, or pull the latest security feed. Returns vulnerability identifiers, affected products, severity metadata, and remediation details.
crash.pmmp.io API
Search and browse crash reports for PocketMine-MP, view detailed information about specific crashes, and submit new crash reports to the archive. Keep your server stable by accessing a centralized database of known issues and their solutions.
dotdb.com API
Search domains and uncover keyword insights to research competitor strategies and domain market intelligence. Get detailed domain metadata, keyword reports, and pricing information to inform your SEO and business decisions.
example-eu-regulatory-site.com API
Track GDPR fines and penalties issued across EU authorities, search by company or violation type, and analyze enforcement trends with detailed penalty information and regulatory statistics. Monitor compliance risks by accessing real-time data on fine amounts, violating companies, and specific breach details from official enforcement records.
dahuasecurity.com API
Browse Dahua’s product category tree and navigation structure, including major product families and their links and images.
bug.co.il API
Search and browse products from Bug.co.il, Israel's leading electronics retailer. Access product listings by keyword or category, retrieve detailed product information including specs, pricing, and images, and view featured homepage promotions — all through a single API.
violationtracker.goodjobsfirst.org API
Search corporate violations and regulatory penalties across companies, industries, and agencies to research misconduct records and enforcement actions. Get detailed information about specific violations, parent company compliance histories, and regulatory agency enforcement patterns.