Phoenix Security CVE Intelligence

Documentation

Understand the platform, the main pages, the public REST API, Swagger, MCP, scoring outputs, and Malware Package Intelligence — without exposing internal scoring weights or pipeline internals.

Swagger REST API MCP

Platform

Phoenix Security CVE Intelligence brings vulnerability records, exploitation signals, product and package context, threat intelligence, and curated security research into one platform. It is designed for security teams, developers, analysts, and automation clients that need one place to search, triage, enrich, and act on vulnerability intelligence.

CVE intelligence

Search and inspect CVEs with CVSS, EPSS, KEV, exploit, patch, product, and threat context.

Product and package intelligence

Understand vendor, product, library, package, end-of-life, license, and supply-chain risk signals.

Operational workflows

Use dashboards, alerts, saved items, firewall checks, and admin tools to move from research to action.

Programmatic access

Integrate through public REST APIs, Swagger/OpenAPI, GraphQL, and MCP where enabled for your tier.

Pages

The web application is organized around common vulnerability and supply-chain workflows.

CVE Search

Search CVEs by identifier, keyword, severity, product, year, and intelligence signals.

CVE Detail

Review vulnerability details, enrichment, scoring outputs, exploit context, remediation guidance, and related actions.

Phoenix Intelligence

Explore high-profile, trending, exploited, ransomware-associated, and enterprise-watchlist vulnerabilities.

Products and libraries

Inspect vendors, products, CPEs, software libraries, licenses, package risk, and end-of-life intelligence.

Malware Package Intelligence

View public package malware intelligence, package dossiers, Phoenix Risk bands, and MITRE-mapped package behavior.

Supply Chain Firewall

Configure package policy checks, rule authoring, webhook workflows, approvals, and audit views.

Alerts and dashboards

Manage saved CVEs, alerts, API keys, account settings, analytics, and admin workflows based on your role.

Reference pages

Use CVSS, EPSS, KEV, CWE, OWASP, CNA, EUVD, calendar, patch, and source intelligence pages for focused analysis.

REST API

The public REST API is exposed under /api/v1/*. Endpoints use API keys, UI session authentication, or optional public access depending on the operation. Responses are tier-filtered so each user or API key receives the fields allowed for its access level.

  • Core CVE, scoring, product, package, EOL, malware, alert, and user operations are served through REST endpoints.
  • API keys are sent with the X-API-Key header.
  • Rate-limit and usage headers may be returned for API-key calls.
  • Use Swagger/OpenAPI for the exact endpoint list and request schemas in the environment you are calling.

Swagger And OpenAPI

Swagger provides the generated REST API reference for the current backend. Public Swagger is available at /api/docs in environments where public API documentation is enabled. The generated public OpenAPI schema is available at /api/openapi.json under the same environment policy.

For a human-readable API overview, open Phoenix Public API. Treat Swagger as the exact endpoint contract and this page as the product-level guide.

MCP

The MCP surface lets LLM tools and agent clients call Phoenix intelligence through JSON-RPC. It is available at /api/v1/mcp when MCP is enabled, with aliases for common clients at /api/v1/mcp/claude and /api/v1/mcp/chatgpt.

  • MCP requires an API key with an MCP-capable scope.
  • Available tools and response detail depend on the API key tier.
  • Common use cases include CVE lookup, package intelligence, EOL context, and agent-ready security checks.

Detailed setup is in the MCP integration guide for engineering users.

Scoring Systems

Phoenix scoring systems turn raw vulnerability, product, package, exploit, advisory, and threat signals into readable outputs. Public documentation explains what each score means and how to use it, without exposing formulas, proprietary weights, or internal tuning details.

PS-HP

Highlights CVEs with broad operational importance based on exploitation, visibility, enterprise relevance, and threat context.

PS-OSS

Summarizes open-source package risk using vulnerability, exploit, popularity, license, maintenance, and compromise context.

PS-PHS

Expresses product health as an easy-to-read grade based on risk pressure and remediation posture.

PS-PVS

Captures product and vendor intelligence to help compare exposure and security posture across vendors.

PS-TTS

Summarizes threat-type impact and reference frequency signals for vulnerability trend analysis.

PS-ADQE

Estimates advisory source quality so users can understand how much confidence to place in advisory-derived context.

PHX-Neural

Shows the package malware heuristic band used on public malware intelligence pages without exposing internal scoring detail.

Phoenix Risk

Combines malware and vulnerability context into a public risk band for package intelligence workflows.

Malware Package Intelligence

Malware Package Intelligence helps identify risky or malicious packages across software ecosystems. At a high level, the pipeline collects package and feed intelligence, scans package artifacts, classifies findings, sends uncertain or high-risk items through additional review, and publishes tier-filtered intelligence to dashboards, APIs, and firewall workflows.

  1. Ingest: collect package and feed signals from supported ecosystems and threat-intelligence sources.
  2. Analyze: inspect package metadata and artifacts for suspicious behaviors and known malicious indicators.
  3. Classify: produce a clean, inconclusive, suspicious, or malicious outcome suitable for review and automation.
  4. Review: support operator workflows for validation, dispute handling, and promotion to public intelligence.
  5. Protect: expose confirmed intelligence through package pages, REST APIs, MCP, webhooks, and Supply Chain Firewall controls.

Access Tiers

Phoenix uses tier-aware access control across the web app, REST API, GraphQL, and MCP. Public and Free experiences show broad vulnerability context. Registered users receive standard saved-workflow and API access. Pro and Enterprise tiers unlock deeper enrichment, higher-volume workflows, and more detailed intelligence where permitted.

Tier filtering is enforced server-side; frontend labels are only presentation.

Changelog

Release highlights for customer-visible platform updates are published in the Public Changelog. This includes feature additions, user-facing behavior updates, and documentation-impacting releases.

Public release notes

Open the customer-facing changelog for the latest curated release updates.

Open Public Changelog

Update policy

Major and minor release updates are synchronized into public changelog artifacts as part of the release flow.

Support And Next Steps

Use the web app

Search CVEs, inspect package malware intelligence, or open scoring reference pages.

Integrate with REST

Open Swagger or the public API overview.

Connect agents

Use MCP endpoints with an MCP-capable API key and tier-filtered tools via /api/v1/mcp.

Get access

Sign in or request access for dashboards, API keys, saved workflows, and higher-tier intelligence.