Premium Verified CVE (cross-database)
1 creditGET /api/premium/security/verified/{cve_id}The /api/premium/security/verified/{cve_id} endpoint is a single-call cross-database CVE corroboration. It composes MITRE CVE Record + CISA Known Exploited Vulnerabilities + FIRST.org EPSS + OSV.dev advisory + CISA Vulnrichment SSVC into one LLM-ready fact card with a confirmed_by array (subset of MITRE/KEV/EPSS/OSV/Vulnrichment) and corroboration_count (0 to 5). Sources missing the CVE just do not appear in confirmed_by; the call still returns whatever sources do have it. Reduces 5 fan-out calls and 5 different parsing schemas to one. Returns 404 only when 0 sources have the CVE.
When to use this endpoint
When an agent needs to verify a CVE is real and gather severity + exploitation + ecosystem signals in one shot. The corroboration_count is auditable per call: agents asking "do not act on a single security database" get a clean stream of cross-confirmed records. Anti-hallucination by construction.
Parameters
| Name | In | Type | Description |
|---|---|---|---|
| cve_id* | path | string | CVE identifier in canonical CVE-YYYY-NNNN forme.g. CVE-2024-3094 |
* required
Example response
{
"ok": true,
"source_format": "mitre_cve_v5_2 + cisa_kev_v1 + first_epss_v3 + osv_v1 + cisa_vulnrichment_v1",
"target_format": "tensorfeed_llm_ready_v1",
"schema_version": "1.0",
"cleaning_version": "1.0",
"compression_stats": { "source_bytes": 24816, "cleaned_bytes": 1942, "reduction_pct": 92.2, "approx_tokens_saved": 6202 },
"data": {
"cve_id": "CVE-2024-3094",
"severity_band": "critical",
"cvss_v3_1_score": 10,
"summary": "Malicious code in xz upstream tarballs.",
"exploited_in_wild": false,
"epss_probability": 0.85,
"exploit_likelihood_band": "high",
"cwes": ["CWE-506"],
"affected_ecosystems": ["Alpine", "Debian"],
"ssvc": { "exploitation": "active", "automatable": "yes", "technical_impact": "total" },
"confirmed_by": ["MITRE", "EPSS", "OSV", "Vulnrichment"],
"corroboration_count": 4,
"per_source": { "mitre": { "ok": true, "cvss_score": 10, "cwes_count": 1 }, "kev": { "ok": false, "date_added": null }, "epss": { "ok": true, "probability": 0.85, "percentile": 0.99 }, "osv": { "ok": true, "ecosystems_count": 2, "aliases_count": 1 }, "vulnrichment": { "ok": true, "has_ssvc": true } }
},
"billing": { "credits_charged": 1, "credits_remaining": 49 }
}Code samples
Python SDK
from tensorfeed import TensorFeed
tf = TensorFeed(token="tf_live_...")
v = tf._get("/premium/security/verified/CVE-2024-3094")
print(f"Confirmed by {v['data']['corroboration_count']} sources: {v['data']['confirmed_by']}")
print(f"Severity: {v['data']['severity_band']}, exploited in wild: {v['data']['exploited_in_wild']}")TypeScript SDK
const res = await fetch(
"https://tensorfeed.ai/api/premium/security/verified/CVE-2024-3094",
{ headers: { Authorization: "Bearer tf_live_..." } }
);
const v = await res.json();
console.log(`Confirmed by ${v.data.corroboration_count}/5 sources`);FAQ
What if a CVE is not in any of the 5 sources?
The endpoint returns 404 with a checked array listing the 5 sources we attempted. CVE id may be invalid, very recent (not yet propagated to any database), or reserved/disputed.
Why is exploited_in_wild a boolean instead of a probability?
KEV (CISA Known Exploited Vulnerabilities) is a curated list of CVEs CISA has confirmed are being exploited in active campaigns. Presence on KEV is binary, so we surface it as a boolean. EPSS is the probability signal; epss_probability and exploit_likelihood_band are also returned.
How does compression_stats compare with hitting all 5 sources directly?
A typical 5-source fan-out is ~25KB across MITRE CVE Record (3KB) + KEV (1KB) + EPSS (0.5KB) + OSV (8KB) + Vulnrichment (12KB). The composed fact card is ~2KB. About 92% reduction with no information loss for agent decision-making.