Android Security Bulletin CVE API
CVEs from the monthly Android Security Bulletin as structured JSON - CVE ID, vulnerability type, and severity.
What this feed does
Google publishes Android's monthly security bulletins as static HTML tables with no API. This feed scrapes a bulletin on demand and returns every CVE as structured JSON - ID, vulnerability type (RCE / EoP / ID / DoS), and severity.
Structured, not scraped-by-you
Clean JSON with stable field names - no HTML parsing, no selectors to maintain when the site changes.
Pay only for what you pull
No subscription. $0.005 per record via Apify's metered billing; a typical pull is cents.
Human + agent ready
Call it from cURL, Python, or JS - or hand it to an AI agent as an MCP tool.
Always the latest
Scraped from the official source on every run, so you never ship stale data.
What each record contains
Every result is a JSON object with these fields.
| Field | Type | Description |
|---|---|---|
cve | string | CVE identifier (e.g. CVE-2025-XXXXX). |
type | string | Vulnerability type: RCE, EoP, ID, or DoS. |
severity | string | Google-assigned severity (Critical / High / Moderate). |
Live sample
The most recent records, straight from the feed. Live sample - fetched at build time
| cve | type | severity |
|---|---|---|
| CVE-2025-26456 | DoS | High |
| CVE-2025-26450 | EoP | High |
| CVE-2025-26452 | EoP | High |
| CVE-2025-26455 | EoP | High |
| CVE-2025-26458 | EoP | High |
| CVE-2025-26462 | EoP | High |
| CVE-2025-32312 | EoP | High |
| CVE-2025-26437 | ID | High |
Call it in one line
Runs the actor and returns the dataset. Swap in your Apify token.
curl "https://api.apify.com/v2/acts/zenolvepro~android-security-bulletin/run-sync-get-dataset-items?token=YOUR_APIFY_TOKEN"
from apify_client import ApifyClient
client = ApifyClient("YOUR_APIFY_TOKEN")
run = client.actor("zenolvepro/android-security-bulletin").call()
for row in client.dataset(run["defaultDatasetId"]).iterate_items():
print(row)import { ApifyClient } from 'apify-client';
const client = new ApifyClient({ token: 'YOUR_APIFY_TOKEN' });
const run = await client.actor('zenolvepro/android-security-bulletin').call();
const { items } = await client.dataset(run.defaultDatasetId).listItems();
console.log(items);https://mcp.apify.com?tools=zenolvepro/android-security-bulletin
Point any MCP-capable agent at this endpoint and the feed becomes a callable tool.
Who uses it
Mobile-security teams, MDM vendors, and vulnerability-management platforms use it for monitoring, benchmarking, alerting, and enrichment.
Pricing
Billed through Apify. A tiny per-run start fee ($0.00005) applies. Only pay for records you actually pull.