RHEL 8 Security Data API

The Red Hat Security Data API provides public access to Red Hat's security advisory and CVE data. Operators can query CVEs affecting RHEL products, retrieve CVSS scores, list security advisories (RHSA), bug fix advisories (RHBA), and enhancement advisories (RHEA), and obtain OVAL XML data for vulnerability scanning integration. No authentication is required for public data.

OpenAPI Specification

red-hat-enterprise-linux-8-security-data-openapi.yml
openapi: 3.1.0
info:
  title: Red Hat Security Data API
  description: >-
    The Red Hat Security Data API provides public access to Red Hat's security
    advisory and CVE data. It enables operators to query CVEs affecting RHEL
    products, retrieve CVSS scores, list security advisories (RHSA), bug fix
    advisories (RHBA), and enhancement advisories (RHEA), and obtain OVAL XML
    data for vulnerability scanning integration. No authentication is required
    for public data access.
  version: '1.0'
  contact:
    name: Red Hat Security
    url: https://access.redhat.com/security/
  termsOfService: https://www.redhat.com/en/about/agreements
externalDocs:
  description: Red Hat Security Data API Documentation
  url: https://access.redhat.com/documentation/en-us/red_hat_security_data_api/1.0
servers:
  - url: https://access.redhat.com/labs/securitydataapi
    description: Red Hat Security Data API
tags:
  - name: CVEs
    description: Common Vulnerabilities and Exposures data for Red Hat products
  - name: Advisories
    description: Red Hat security, bug fix, and enhancement advisories
  - name: OVAL
    description: OVAL XML definitions for vulnerability scanning
paths:
  /cve.json:
    get:
      operationId: listCves
      summary: List CVEs
      description: >-
        Returns a list of CVEs affecting Red Hat products. Supports filtering
        by product, package, CVSS score range, severity, and date range.
        Results are paginated.
      tags:
        - CVEs
      parameters:
        - name: before
          in: query
          description: Filter CVEs published before this date (YYYY-MM-DD)
          schema:
            type: string
            format: date
        - name: after
          in: query
          description: Filter CVEs published after this date (YYYY-MM-DD)
          schema:
            type: string
            format: date
        - name: ids_only
          in: query
          description: Return only CVE IDs instead of full objects
          schema:
            type: boolean
            default: false
        - name: bug
          in: query
          description: Filter by associated Bugzilla bug ID
          schema:
            type: string
        - name: advisory
          in: query
          description: Filter by associated security advisory ID
          schema:
            type: string
        - name: severity
          in: query
          description: Filter by severity level
          schema:
            type: string
            enum:
              - critical
              - important
              - moderate
              - low
        - name: package
          in: query
          description: Filter by affected package name
          schema:
            type: string
        - name: product
          in: query
          description: Filter by affected product name
          schema:
            type: string
        - name: cvss_score
          in: query
          description: Minimum CVSS score
          schema:
            type: number
        - name: cvss3_score
          in: query
          description: Minimum CVSS v3 score
          schema:
            type: number
        - name: page
          in: query
          schema:
            type: integer
            default: 1
        - name: per_page
          in: query
          schema:
            type: integer
            default: 20
      responses:
        '200':
          description: List of CVEs returned
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/CveSummary'
  /cve/{CVE}.json:
    get:
      operationId: getCve
      summary: Get CVE Details
      description: >-
        Returns detailed information about a specific CVE including description,
        CVSS scores, affected packages, associated advisories, and remediation
        information for Red Hat products.
      tags:
        - CVEs
      parameters:
        - name: CVE
          in: path
          required: true
          description: The CVE identifier (e.g., CVE-2024-12345)
          schema:
            type: string
            pattern: '^CVE-\d{4}-\d+$'
      responses:
        '200':
          description: CVE details returned
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CveDetail'
        '404':
          description: CVE not found
  /advisory.json:
    get:
      operationId: listAdvisories
      summary: List Security Advisories
      description: >-
        Returns a list of Red Hat security advisories (RHSA), bug fix advisories
        (RHBA), and enhancement advisories (RHEA). Supports filtering by type,
        severity, product, and date range.
      tags:
        - Advisories
      parameters:
        - name: before
          in: query
          description: Filter advisories issued before this date (YYYY-MM-DD)
          schema:
            type: string
            format: date
        - name: after
          in: query
          description: Filter advisories issued after this date (YYYY-MM-DD)
          schema:
            type: string
            format: date
        - name: type
          in: query
          description: Filter by advisory type
          schema:
            type: string
            enum:
              - RHSA
              - RHBA
              - RHEA
        - name: severity
          in: query
          description: Filter by severity (RHSA only)
          schema:
            type: string
            enum:
              - Critical
              - Important
              - Moderate
              - Low
        - name: package
          in: query
          description: Filter by affected package name
          schema:
            type: string
        - name: product
          in: query
          description: Filter by affected product
          schema:
            type: string
        - name: cve
          in: query
          description: Filter by associated CVE ID
          schema:
            type: string
        - name: page
          in: query
          schema:
            type: integer
            default: 1
        - name: per_page
          in: query
          schema:
            type: integer
            default: 20
      responses:
        '200':
          description: List of advisories returned
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/AdvisorySummary'
  /advisory/{advisory}.json:
    get:
      operationId: getAdvisory
      summary: Get Advisory Details
      description: >-
        Returns detailed information about a specific security advisory including
        the description, affected packages, CVEs addressed, and the list of
        updated packages.
      tags:
        - Advisories
      parameters:
        - name: advisory
          in: path
          required: true
          description: The advisory ID (e.g., RHSA-2024:1234)
          schema:
            type: string
      responses:
        '200':
          description: Advisory details returned
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AdvisoryDetail'
        '404':
          description: Advisory not found
  /oval/{product}.xml:
    get:
      operationId: getOvalDefinitions
      summary: Get OVAL Definitions
      description: >-
        Returns OVAL XML definitions for vulnerability scanning of a specific
        product. OVAL definitions can be used with OpenSCAP and other OVAL
        scanners to assess vulnerability exposure on RHEL systems.
      tags:
        - OVAL
      parameters:
        - name: product
          in: path
          required: true
          description: The product identifier (e.g., rhel8, rhel9)
          schema:
            type: string
      responses:
        '200':
          description: OVAL XML definitions returned
          content:
            application/xml:
              schema:
                type: string
                description: OVAL XML document
        '404':
          description: OVAL definitions not found for this product
components:
  schemas:
    CveSummary:
      type: object
      properties:
        CVE:
          type: string
          description: CVE identifier
        severity:
          type: string
          enum:
            - Critical
            - Important
            - Moderate
            - Low
        public_date:
          type: string
          format: date-time
        bugzilla:
          type: string
          description: Associated Bugzilla URL
        cvss_score:
          type: number
          description: CVSS v2 score
        cvss3_score:
          type: number
          description: CVSS v3 score
        cwe:
          type: string
          description: CWE identifier
    CveDetail:
      allOf:
        - $ref: '#/components/schemas/CveSummary'
        - type: object
          properties:
            bugzilla_description:
              type: string
            details:
              type: array
              items:
                type: string
            acknowledgement:
              type: string
            affected_release:
              type: array
              items:
                type: object
                properties:
                  product_name:
                    type: string
                  release_date:
                    type: string
                  advisory:
                    type: string
                  package:
                    type: string
                  cpe:
                    type: string
    AdvisorySummary:
      type: object
      properties:
        id:
          type: string
          description: Advisory ID (e.g., RHSA-2024:1234)
        title:
          type: string
        severity:
          type: string
        type:
          type: string
          enum:
            - RHSA
            - RHBA
            - RHEA
        issued:
          type: string
          format: date-time
        updated:
          type: string
          format: date-time
        cves:
          type: array
          items:
            type: string
    AdvisoryDetail:
      allOf:
        - $ref: '#/components/schemas/AdvisorySummary'
        - type: object
          properties:
            description:
              type: string
            solution:
              type: string
            references:
              type: array
              items:
                type: string
            packages:
              type: array
              items:
                type: object
                properties:
                  name:
                    type: string
                  arch:
                    type: string
                  filename:
                    type: string
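
An added example (not part of the specification or of Red Hat's tooling): Python that builds `listCves` and `getCve` request URLs while enforcing the parameter names, severity enum and CVE pattern declared in the spec above, then reads the fixing advisories out of a `CveDetail` document. The helper names, `SAMPLE_DETAIL`, the package names and `RHSA-2024:1235` are constructed for illustration, and no network request is made.

```python
import re
from datetime import date
from urllib.parse import urlencode

BASE = "https://access.redhat.com/labs/securitydataapi"  # servers[0].url in the spec
CVE_ID = re.compile(r"^CVE-\d{4}-\d+$", re.ASCII)  # {CVE} path pattern; ASCII digits only
LIST_PARAMS = {"before", "after", "ids_only", "bug", "advisory", "severity", "package",
               "product", "cvss_score", "cvss3_score", "page", "per_page"}
SEVERITIES = {"critical", "important", "moderate", "low"}  # enum on listCves.severity

# Constructed CveDetail document (not real advisory data), shaped like the schema.
SAMPLE_DETAIL = {
    "CVE": "CVE-2024-12345", "severity": "Important", "cvss3_score": 7.8,
    "affected_release": [
        {"product_name": "Red Hat Enterprise Linux 8", "advisory": "RHSA-2024:1234",
         "package": "examplepkg-1.2.3-4.el8", "cpe": "cpe:/o:redhat:enterprise_linux:8"},
        {"product_name": "Red Hat Enterprise Linux 9", "advisory": "RHSA-2024:1235",
         "package": "examplepkg-1.2.3-4.el9", "cpe": "cpe:/o:redhat:enterprise_linux:9"},
    ],
}

def cve_list_url(**filters):
    """Build a /cve.json URL, rejecting anything the spec does not define."""
    unknown = set(filters) - LIST_PARAMS
    if unknown:
        raise ValueError(f"unknown query parameter(s): {sorted(unknown)}")
    if filters.get("severity", "low") not in SEVERITIES:
        raise ValueError(f"severity must be one of {sorted(SEVERITIES)}")
    for key in ("before", "after"):
        if key in filters:
            date.fromisoformat(filters[key])  # ValueError on a non-ISO date
    query = sorted((k, str(v).lower() if isinstance(v, bool) else v)
                   for k, v in filters.items())
    return f"{BASE}/cve.json?{urlencode(query)}"

def cve_detail_url(cve_id):
    """Build a /cve/{CVE}.json URL only for IDs matching the spec's pattern."""
    if not CVE_ID.fullmatch(cve_id):  # fullmatch also rejects a trailing newline
        raise ValueError(f"not a CVE identifier: {cve_id!r}")
    return f"{BASE}/cve/{cve_id}.json"

def fixes_for(detail, product):
    """(advisory, package) pairs from affected_release whose product_name contains `product`."""
    return [(r.get("advisory"), r.get("package"))
            for r in detail.get("affected_release", [])
            if product in r.get("product_name", "")]

if __name__ == "__main__":
    print(cve_detail_url(SAMPLE_DETAIL["CVE"]), fixes_for(SAMPLE_DETAIL, "Enterprise Linux 8"))
```

Checking the identifier before interpolating it into the path matters when CVE IDs arrive from scanner output or tickets rather than from a trusted list.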