WPVulnerability

WordPress Vulnerability Database API

nginx endpoint

To get the vulnerability information of a nginx version, you have to make a call including the major nginx version (or the minor one). The response will include all vulnerabilities for this major version.

https://www.wpvulnerability.net/nginx/nginx-major-or-minor-version/

Example: nginx 1.22

nginx JSON response

This will return a JSON with the following format:

{
  "error": 0,
  "message": null,
  "data": {
    "name": "nginx 1.x",
    "nginx": "1.x",
    "status": "m",
    "date_start": "1970-01-01"
    "sate_end": "1971-12-31"
    "vulnerability": [
      {
        "uuid": "example",
        "name": "nginx 1.x < 1.x.1",
        "operator": {
          "min_version": null,
          "min_operator": null,
          "max_version": "2.x.1",
          "max_operator": "lt",
          "unfixed": "0",
        },
        "source": [
          {
            "id": "CVE-0000-00001",
            "name": "CVE-0000-00001",
            "link": "https://www.cve.org/CVERecord?id=CVE-0000-00001",
            "description": "This is an example of a vulnerability description.",
            "date": "2003-05-27"
          }
        ]
      }
    ]
  },
  "updated": 1053993600
}

nginx JSON description

  • error: If there is an error, the value will be 1. If there is no error, it will be 0.
  • message: In case of error, an information message will be displayed.
  • data: (object) Data information group.
  • data → name: nginx version.
  • data → nginx: nginx major version.
  • data → status: (values) Information URL.
    • m: Maintained
    • s: Security support
    • d: Deprecated / Unmaintained
  • data → date_start: Date since the version was launched.
  • data → date_end: Date when the version was deprecated / unmaintained.
  • data → vulnerability: (array) Each of the plugin’s vulnerabilities.
    • data → vulnerability → uuid: nginx unique vulnerability ID.
    • data → vulnerability → name: Vulnerability name.
    • data → vulnerability → operator: (object) Vulnerability version calculation system. It is based on the PHP version_compare function.
    • data → vulnerability → operator → min_version: Minimum version affected.
    • data → vulnerability → operator → min_operator: Calculation operator.
    • data → vulnerability → operator → max_version: Maximum version affected.
    • data → vulnerability → operator → max_operator: Calculation operator.
    • data → vulnerability → operator → unfixed: The vulnerability is unfixed.
  • data → vulnerability → source: (array) List of vulnerabilities.
    • data → vulnerability → source → id: Source unique identifier.
    • data → vulnerability → source → link: Source vulnerability information.
    • data → vulnerability → source → description: Source vulnerability description.
    • data → vulnerability → source → date: Date of publication of the vulnerability.
  • update: Last information update (UNIXTIME).

Important information

The nginx API has information since nginx 0.5, and also vulnerabilities that may apply to WordPress. This is not a nginx vulnerability database.