VEX Statements API
Retrieve HeroDevs OpenVEX statements
GET /api/ontology/vex/statements
Returns HeroDevs' OpenVEX document for all NES packages.
Request Examples
- Full feed:
curl -sSL https://apps.herodevs.com/api/ontology/vex/statements
Response (excerpt)
{
"@context": "https://openvex.dev/ns/v0.2.0",
"@id": "https://openvex.dev/docs/public/vex-c5b2a754-8148-4f77-9acb-9b917783ce64",
"author": "HeroDevs",
"version": 1,
"timestamp": "2026-02-02T19:00:53.929841086Z",
"statements": [
{
"vulnerability": {
"name": "CVE-2025-41249",
"aliases": [
"GHSA-jmp9-x22r-554x"
]
},
"products": [
{
"@id": "pkg:maven/org.springframework/spring-core@5.3.39-spring-framework-5.3.48"
},
{
"@id": "pkg:maven/org.springframework/spring-core@5.3.39-spring-framework-5.3.49"
}
],
"status": "fixed"
}
]
"nes": {}
}
Error Handling
| Code | Meaning |
|---|---|
| 200 | OK |
| 429 | Too Many Requests |
| 500 | Internal Server Error |
| 502/503 | Bad Gateway / Unavailable |
| 504 | Gateway Timeout |
Notes
- The top-level
nesobject is reserved for future HeroDevs metadata; ignore unknown fields. - The endpoint is unauthenticated today; if rate-limit pressure grows we may require lightweight credentials for throttling (advance notice will be given).
- 504 responses are rare; they are documented here for completeness during occasional high-load periods.