Published 3 December 2025 12:00 AM
4 min. read

Premium Data, Open to Everyone: Updates to Vulners Access Rules

#vulners #update #free-tier #api #cve
This post thumbnail

Vulners was born in the security research and ethical hacking community, and we want the free tier to reflect that: useful, practical, and reliable for everyday use.

Adding More to the Free Tier

The free tier is where most people meet Vulners for the first time: students, researchers, blue teams, bug bounty hunters, and curious engineers. This update is about making that free experience feel like a real tool, not a demo.

Web Portal: Premium Data, Open to Everyone

We’ve opened up access to ALL data in the web portal.

You can now browse previously premium collections directly in the UI, including:

  • GitHub Exploits / Gitee – exploit PoCs discovered in public repositories, collected and scored using Vulners proprietary extraction and ranking logic. These collections help you:
    • Quickly check whether a CVE has a public exploit PoC.
    • Prioritize vulnerabilities backed by real exploit code.
    • Enrich internal reports and tickets with concrete exploit references.
  • CVE Fusion (type:cve) – our fused CVE collection is fully available on the website, just as before. It aggregates and normalizes data from multiple sources (CVE List, NVD, Vulnrichment, and others) and includes Vulners-generated CPE configurations, so you get:
    • One canonical CVE record instead of juggling several feeds.
    • Cleaner, more consistent enrichment data.
    • Easier mapping to affected products and configurations.

All of this is accessible via the web interface for anyone using Vulners, so you can explore CVEs, exploits, and advisories with more context — all for free, right in the web UI.

API Access by Document ID Is Now Free

We’re also making one of the most practical and popular endpoints completely free:

/api/v3/search/id/ no longer consumes API credits for any user.

This endpoint lets you fetch a document by its ID (for example, a CVE ID) directly from Vulners. If you already have vulnerability identifiers from scanners, ticketing systems, agentic AI systems via the MCP server, or other tools, you can now enrich them via Vulners without worrying about credit usage.

When you include the references=true parameter, Vulners returns all related documents for that ID in a single response, for example:

  • Vendor advisories
  • Exploit references
  • Bulletins and advisories
  • Related write-ups and artifacts

This makes Vulners a drop-in enrichment backend for:

  • Vulnerability scanners and asset management tools
  • Internal security dashboards and ticketing systems
  • CI/CD and DevSecOps workflows

You already have the CVE — now you can plug it into Vulners and get high-quality context back, without consuming credits on this endpoint.

What You Get via search/id on Each Tier

To keep the line clear between interactive research and full data feeds, records returned by search/id depend on your access level:

For free-tier users

  • When you request a CVE ID through search/id, you’ll get data from the CVE List collection (type:cvelist) for that CVE.
  • You can request NVD data explicitly from the type:nvd collection using NVD-prefixed IDs, for example: NVD:CVE-2000-12345.
  • Premium collections are not returned to free accounts via this API, but they remain fully accessible in the web interface.

For commercial and trial licenses

  • When you request a CVE ID through search/id, you’ll get Vulners’ fused CVE record (CVE Fusion) with all available enrichment and links from across our collections.
  • search/id returns any record available in the Vulners database, and this does not count against your API credit quota.

The free tier now gives you a stable, credit-free enrichment API for CVEs, and commercial access adds deeper, wider coverage for automation and product use without additional costs.

Other Changes

Alongside making the free tier more useful, we’re adjusting a couple of advanced features so that they live clearly on the commercial side.

Collection Downloads and Datasets

Full collection downloads (bulk data / datasets) are now only available for commercial and trial accounts, both:

  • via the API, and
  • via the website.

This is the kind of access typically used for:

  • Building security products and integrations
  • Large-scale analytics and research projects
  • Historical analysis and internal data warehouses

If you need this level of access, you can:

  • Request a free trial to try out collection downloads and see how they fit into your stack, or
  • Contact us if you specifically need datasets or bulk exports for a project or research — we’re happy to discuss options.

The idea is simple: the free tier focuses on working with the data, while commercial access powers large-scale consumption and integration.

search/lucene for Free Users: Focused Core Fields

For the /api/v3/search/lucene/ endpoint, we’re simplifying what free-tier responses look like:

  • Free-tier responses now include a focused, documented set of core fields that are most useful for everyday research and basic integrations.
  • The full, flexible field set remains available for commercial and trial users, where it powers complex correlation, product mapping, and advanced analytics.

If you’re already using search/lucene on the free tier, your queries will keep working — you’ll just see a more consistent and streamlined response shape. If you need richer or customized data structures for production workflows, that’s exactly where commercial access comes in.

Moving Forward

With this update, the free tier gets more capability where it matters most:

  • ✅ Premium collections data visible in the web portal for manual research and triage
  • ✅ Free, credit-less search/id API for CVE enrichment and quick integrations
  • ✅ Clear separation between interactive research (free) and large-scale automation / datasets (commercial)

Our focus is to keep Vulners:

  • Useful for the community — defenders, researchers, students, and ethical hackers
  • Reliable for products and teams that depend on large amounts of data and automation

If you rely on Vulners in your workflows, we’d love to hear from you:

  • How do you use the free tier today?
  • What else would make it more helpful for research and learning?
  • Which integrations or use cases should we optimize next?

Send us your feedback through our usual channels — and keep breaking, fixing, and securing things. We’ll keep evolving Vulners to give you better data and smoother workflows, whether you’re on the free tier or running it in production.