| title | Overview |
|---|---|
| createdAt | Thu Jun 01 2023 12:04:17 GMT+0000 (Coordinated Universal Time) |
| updatedAt | Mon Jul 31 2023 12:13:26 GMT+0000 (Coordinated Universal Time) |

The Patchstack Threat Intelligence API exposes our vulnerability database for WordPress plugins, themes and core. It supports single-product lookups, bulk lookups (POST /batch, up to 50 products per request), the /latest rolling feed, advisory-by-id detail, and a per-item payload that includes cvss_score, cve, is_exploited, patch_priority, and patched_in_ranges.
Custom pricing, activated on request — contact us.
For partners covering JavaScript components, a Beta surface adds npm-ecosystem coverage alongside WordPress, available to selected partners working directly with Patchstack. Beyond npm itself it ships the supporting additions that make npm coverage workable at scale: the new GET /all endpoint, cursor pagination, ?include=details for full advisory bodies, and a nested response shape the stable API will eventually adopt. Everything else (/latest, /product/{type}/{name}/{version}, /batch) is the same surface as the stable API.
See the NPM features (Beta) page for the full delta — base URL, parameters, pagination, errors, and migration notes — and the auto-generated reference for the full schema. Contact us for access.
The legacy Standard tier is no longer offered to new customers but remains documented for existing integrations — its endpoints are a strict subset of the current API.
The API ships with an OpenAPI spec and a generated Postman collection. Beta has its own spec — pick whichever you're integrating against:
| API | OpenAPI spec | Postman collection |
|---|---|---|
| Threat Intelligence API | threat-intel-extended.yaml | threat-intel-extended.postman_collection.json |
| NPM features (Beta) | threat-intel-beta.yaml | threat-intel-beta.postman_collection.json |
| Standard (legacy) | threat-intel-standard.yaml | threat-intel-standard.postman_collection.json |
Every endpoint, parameter, request body and example is preconfigured. Download the Postman collection and drag it into your tool, or import by URL from inside the tool:
| Tool | How to import |
|---|---|
| Postman | File → Import → Link and paste the collection URL. |
| Insomnia | Create → Import From → URL → paste the OpenAPI URL. |
| Bruno | Collection → Import → OpenAPI V3 Spec → paste the OpenAPI URL. |
| Hoppscotch | Collections → Import/Export → OpenAPI → paste the OpenAPI URL. |
Authentication: in Postman set the collection Authorization to API Key, key PSKey, value {{PSKEY}}, and add PSKEY as a collection variable with your real key as the Current value (leave Initial blank so it doesn't sync to teammates). Other tools work the same way — set PSKey as a collection header once.
Point your assistant at the spec. LLMs parse OpenAPI cleanly and will generate clients that match the real field names instead of hallucinating.
- Ad hoc: paste the spec URL into your prompt. Example: "Write a Python client for https://docs.patchstack.com/schemas/threat-intel-extended.yaml. I need a batch walker over a package.json-style list."
- In your repo: download the spec to `docs/vendor/patchstack-threat-intel.yaml` and reference it from your `CLAUDE.md` / `AGENTS.md`. Your assistant can then grep the YAML for specific fields without refetching.
- Plain-text fallback: for tools that don't parse YAML, our `llms-full.txt` contains the full reference as flat markdown.
Generate a client in any language from the spec:
```bash
# TypeScript
npx @openapitools/openapi-generator-cli generate \
  -i https://docs.patchstack.com/schemas/threat-intel-extended.yaml \
  -g typescript-fetch -o ./patchstack-client

# Python
npx @openapitools/openapi-generator-cli generate \
  -i https://docs.patchstack.com/schemas/threat-intel-extended.yaml \
  -g python -o ./patchstack-client-py
```

Speakeasy and Fern also consume the same spec and produce more idiomatic SDKs if you need a polished client library.
Spec stability: the Beta spec may change without a version bump while the API is in beta. Pin a commit of the YAML in production integrations, or wait for the GA release when we'll publish versioned URLs. The stable spec tracks the v2 surface.
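
An added example (not Patchstack's own tooling) of the pinning advice above: it records a SHA-256 of the vendored spec and refuses to run the generator when the file has drifted from the reviewed copy. The vendoring path is the one suggested earlier on this page; the `.sha256` pin file and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pin a vendored copy of the spec and generate only from a verified file.
# Assumptions: SPEC follows the vendoring path suggested on this page;
# the .sha256 pin file and all function names are hypothetical.
SPEC="${SPEC:-docs/vendor/patchstack-threat-intel.yaml}"
PIN="${PIN:-$SPEC.sha256}"

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS).
spec_digest() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Record the digest of a reviewed spec; commit the pin file next to the spec.
pin_spec() {
  spec_digest "$1" > "$2"
}

# Return 0 if the spec matches its pin, 1 on drift, 2 if spec or pin is missing.
verify_spec() {
  local want got
  [ -f "$1" ] || { echo "missing spec: $1" >&2; return 2; }
  [ -s "$2" ] || { echo "missing pin: $2" >&2; return 2; }
  want="$(tr -d '[:space:]' < "$2")"
  got="$(spec_digest "$1")"
  if [ "$want" != "$got" ]; then
    echo "spec drift: pinned $want, found $got" >&2
    return 1
  fi
}

# Generate from the local, verified file instead of the live URL.
generate_client() {
  verify_spec "$SPEC" "$PIN" || return $?
  npx @openapitools/openapi-generator-cli generate \
    -i "$SPEC" -g typescript-fetch -o ./patchstack-client
}
```

Run `pin_spec "$SPEC" "$PIN"` after reviewing a spec update and commit both files; the build then calls `generate_client`, which stops on any unreviewed change.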