Security
CWE weakness lookup API
Resolve a CWE ID (e.g. CWE-79 or 79) to its name, abstraction, and plain-text description, plus — the value-add — its potential mitigations (phase + strategy + text), related weaknesses (parent/child/peer with nature), and real observed CVE examples, all extracted from MITRE's official CWE XML catalog (lazy-loaded keyless zip, unzipped in-process, cached daily). Answers 'what is CWE-79', 'how do I mitigate this weakness', 'what CVEs are examples of this CWE', 'what weaknesses are related to SQL injection'.
Price$0.01per request
MethodPOST
Route/v1/security/cwe
StatusLive
MIME typeapplication/json
Rate limit60/minute
Cache86400s public
securitycweweaknessvulnerabilitymitreappsecowaspsecure-coding
API URL
Integration docshttps://x402.hexl.dev/v1/security/cweExample request
{
"cweId": "CWE-79"
}Example response
{
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"abstraction": "Base",
"status": "Stable",
"description": "The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page...",
"extendedDescription": "Cross-site scripting (XSS) vulnerabilities occur when...",
"mitigationCount": 12,
"mitigations": [
{
"phase": "Architecture and Design",
"strategy": "Libraries or Frameworks",
"description": "Use a vetted library or framework..."
}
],
"relatedWeaknesses": [
{
"nature": "ChildOf",
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"
}
],
"observedExamples": [
{
"cve": "CVE-2024-49038",
"description": "XSS in AI assistant",
"link": "https://www.cve.org/CVERecord?id=CVE-2024-49038"
}
]
}Input schema
{
"type": "object",
"required": [
"cweId"
],
"properties": {
"cweId": {
"type": "string",
"examples": [
"CWE-79"
]
}
}
}Output schema
{
"type": "object",
"additionalProperties": true
}