CVE Search: Tools for searching vulnerabilities by CVE ID, product name, or vendor, with detailed vulnerability information and dependency auditing
Version: v0.3.0
Install: /plugin install cve-search@mearman
Automatically scan your project's dependencies and identify known Common Vulnerabilities and Exposures (CVEs). Supports Node.js, Python, Ruby, Go, and Maven projects.
```bash
# Scan current directory
npx tsx scripts/audit.ts
# Scan specific directory
npx tsx scripts/audit.ts /path/to/project
# Only show critical vulnerabilities
npx tsx scripts/audit.ts --severity critical
# Get fresh data (bypass cache)
npx tsx scripts/audit.ts --no-cache
# Output as JSON
npx tsx scripts/audit.ts --json
```

Run from the cve-search plugin directory: `~/.claude/plugins/cache/cve-search/`

```
npx tsx scripts/audit.ts [directory] [options]
```

| Option | Description |
|---|---|
| `[directory]` | Directory to scan (default: current directory) |
| `--severity <level>` | Filter by severity: critical, high, medium, low |
| `--no-cache` | Bypass cache and fetch fresh data |
| `--json` | Output results as JSON |
| `--help` | Show help message |
The skill automatically detects and parses dependency files from multiple ecosystems:

| File | Detects | Example |
|---|---|---|
| `package.json` | dependencies, devDependencies, peerDependencies | `"express": "^4.18.0"` |
| `requirements.txt` | Pinned versions and ranges | `django==3.2.10` or `requests>=2.25.0` |
| `Gemfile` | Gem dependencies with versions | `gem 'rails', '~> 6.1.0'` |
| `go.mod` | Direct and indirect dependencies | `require github.com/user/repo v1.2.3` |
| `pom.xml` | Project and transitive dependencies | `<artifactId>log4j-core</artifactId>` |
- Discovery: Scans for supported dependency files in the directory
- Parsing: Extracts package names and versions from each file
- Searching: Queries CVE database for each dependency
- Filtering: Identifies which vulnerabilities affect installed versions
- Reporting: Displays results sorted by severity
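As an added example, not the plugin's own code, the TypeScript below shows what the discovery, parsing and filtering stages amount to for the five supported files: each parser returns the `{name, version, source, file}` records that the `--json` output shows, and `affectsVersion` implements the "simple semantic versioning comparison" noted under limitations. The `source` labels other than `npm`, the inclusive `X to Y` range form (modelled on the lookup output's "Versions 5.15 to 6.6"), and the sample files are assumptions constructed for this example.

```typescript
// Added example (not the cve-search plugin's own code): parsers for the dependency files
// the audit skill recognises, plus the simple semantic-version check behind "affectsVersion".
// Assumptions: the "source" labels pypi/rubygems/go/maven (the page only shows "npm") and the
// inclusive "X to Y" range form taken from the lookup output's "Versions 5.15 to 6.6".

export interface Dependency { name: string; version: string; source: string; file: string }

// Reduce a range spec such as "^4.18.0", ">=2.25.0" or "~> 6.1.0" to its bare version.
export function normalizeVersion(spec: string): string {
  const m = spec.match(/\d+(?:\.\d+)*/);
  return m ? m[0] : spec.trim();
}

export function parsePackageJson(text: string, file = "package.json"): Dependency[] {
  const pkg = JSON.parse(text) as Record<string, Record<string, string> | undefined>;
  const out: Dependency[] = [];
  for (const field of ["dependencies", "devDependencies", "peerDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] ?? {})) {
      out.push({ name, version: normalizeVersion(spec), source: "npm", file });
    }
  }
  return out;
}

export function parseRequirementsTxt(text: string, file = "requirements.txt"): Dependency[] {
  const out: Dependency[] = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/#.*$/, "").trim();   // drop comments
    if (!line || line.startsWith("-")) continue;    // blank lines and options such as "-r base.txt"
    const m = line.match(/^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:(?:==|>=|<=|~=|!=|>|<)\s*([\d.]+))?/);
    if (m) out.push({ name: m[1].toLowerCase(), version: m[2] ?? "", source: "pypi", file });
  }
  return out;
}

// Only gems that carry an explicit version string are recorded (the documented Gemfile limitation).
export function parseGemfile(text: string, file = "Gemfile"): Dependency[] {
  const out: Dependency[] = [];
  const re = /^\s*gem\s+['"]([^'"]+)['"]\s*,\s*['"]([^'"]+)['"]/gm;
  for (let m = re.exec(text); m; m = re.exec(text)) {
    out.push({ name: m[1], version: normalizeVersion(m[2]), source: "rubygems", file });
  }
  return out;
}

// Matches single-line "require path vX.Y.Z" entries and the lines of a "require ( ... )" block,
// including those marked "// indirect".
export function parseGoMod(text: string, file = "go.mod"): Dependency[] {
  const out: Dependency[] = [];
  const re = /^\s*(?:require\s+)?([\w-]+\.[\w.-]+(?:\/[\w.~-]+)*)\s+v(\d+\.\d+\.\d+[\w.+-]*)/gm;
  for (let m = re.exec(text); m; m = re.exec(text)) {
    out.push({ name: m[1], version: m[2], source: "go", file });
  }
  return out;
}

// Pulls artifactId/version out of each <dependency> element; property references stay unresolved.
export function parsePomXml(text: string, file = "pom.xml"): Dependency[] {
  const out: Dependency[] = [];
  const depRe = /<dependency>([\s\S]*?)<\/dependency>/g;
  for (let m = depRe.exec(text); m; m = depRe.exec(text)) {
    const body = m[1];
    const tag = (t: string) => body.match(new RegExp(`<${t}>\\s*([^<]+?)\\s*</${t}>`))?.[1];
    const artifact = tag("artifactId");
    if (artifact) out.push({ name: artifact, version: tag("version") ?? "", source: "maven", file });
  }
  return out;
}

// Simple semver comparison: numeric segment by segment, missing segments count as 0.
export function compareVersions(a: string, b: string): number {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] ?? 0) - (pb[i] ?? 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// True when the installed version is listed exactly or lies inside an inclusive "X to Y" range.
export function affectsVersion(installed: string, affected: string[]): boolean {
  const v = normalizeVersion(installed);
  if (!v) return false;
  return affected.some((entry) => {
    const range = entry.match(/^([\d.]+)\s+to\s+([\d.]+)$/);
    if (range) return compareVersions(v, range[1]) >= 0 && compareVersions(v, range[2]) <= 0;
    return compareVersions(v, normalizeVersion(entry)) === 0;
  });
}

// Constructed sample files (not from any real project) used to exercise the parsers.
export const SAMPLE_PACKAGE_JSON = `{"name":"demo","dependencies":{"express":"^4.18.0"},"devDependencies":{"tsx":"~4.7.0"}}`;
export const SAMPLE_REQUIREMENTS = "django==3.2.10  # pinned\nrequests>=2.25.0\n-r base.txt\nflask\n";
export const SAMPLE_GEMFILE = "source 'https://rubygems.org'\ngem 'rails', '~> 6.1.0'\ngem 'puma'\n";
export const SAMPLE_GO_MOD = "module example.com/app\n\ngo 1.21\n\nrequire (\n\tgithub.com/user/repo v1.2.3\n\tgolang.org/x/crypto v0.17.0 // indirect\n)\n";
export const SAMPLE_POM = "<project><dependencies><dependency><groupId>org.apache.logging.log4j</groupId><artifactId>log4j-core</artifactId><version>2.14.1</version></dependency></dependencies></project>";

// Discovery stand-in: run every parser over the constructed samples and merge the results.
export function scanSamples(): Dependency[] {
  return [
    ...parsePackageJson(SAMPLE_PACKAGE_JSON), ...parseRequirementsTxt(SAMPLE_REQUIREMENTS),
    ...parseGemfile(SAMPLE_GEMFILE), ...parseGoMod(SAMPLE_GO_MOD), ...parsePomXml(SAMPLE_POM),
  ];
}
```

The parsers deliberately record only what the source file states, so a `requirements.txt` line without a pin yields an empty version and never matches an affected version; that mirrors the limitation that lock files are not consulted, and explains why a dependency can be vulnerable in practice yet absent from the report.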
```
🔍 Scanning for dependencies in /home/user/myproject...
Found dependency files: package.json, requirements.txt
Scanning 45 dependencies for CVEs...

📊 Audit Results
Total vulnerabilities found: 8
🔴 Critical: 1 | 🟠 High: 2 | 🟡 Medium: 4 | 🔵 Low: 1

Showing 3 critical/high vulnerabilities:

📦 express@4.18.0 - 2 vulnerability(ies)
  🔴 CVE-2024-1234
     Score: 9.2 | Buffer overflow in request parsing
  🟠 CVE-2024-5678
     Score: 7.1 | Path traversal in static file handling
─────────────────────────────────────────────────────────────
🐍 [email protected] - 1 vulnerability(ies)
  🟠 CVE-2024-9999
     Score: 7.5 | SQL injection in ORM query handling
─────────────────────────────────────────────────────────────

⚠️ Recommendations:
1. Update dependencies to patched versions
2. Review CVE details at https://cve.mitre.org/
3. Use --no-cache for latest vulnerability data
```
```bash
npx tsx scripts/audit.ts --json
```

Returns structured data:

```json
{
  "dependencies": [
    {
      "name": "express",
      "version": "4.18.0",
      "source": "npm",
      "file": "/path/to/package.json"
    }
  ],
  "vulnerabilities": [
    {
      "cveId": "CVE-2024-1234",
      "dependency": { "name": "express", "version": "4.18.0", ... },
      "severity": "CRITICAL",
      "score": 9.2,
      "summary": "Buffer overflow in request parsing",
      "affectsVersion": true
    }
  ],
  "summary": {
    "total": 8,
    "critical": 1,
    "high": 2,
    "medium": 4,
    "low": 1
  }
}
```

Verify your production dependencies are safe:

```bash
npx tsx scripts/audit.ts /app/backend --severity critical
```

Regular checks to catch newly discovered vulnerabilities:

```bash
npx tsx scripts/audit.ts . --no-cache
```

Export vulnerability data for security reviews:

```bash
npx tsx scripts/audit.ts . --json > vulnerability-report.json
```

Alert on only the most severe vulnerabilities:

```bash
npx tsx scripts/audit.ts . --severity critical --json
```

Audit multiple projects in a monorepo:

```bash
npx tsx scripts/audit.ts services/auth
npx tsx scripts/audit.ts services/api
npx tsx scripts/audit.ts services/web
```

| Level | CVSS Range | Icon | Meaning |
|---|---|---|---|
|---|---|---|---|
| CRITICAL | 9.0-10.0 | 🔴 | Immediate patching required |
| HIGH | 7.0-8.9 | 🟠 | Schedule patching soon |
| MEDIUM | 4.0-6.9 | 🟡 | Monitor and plan updates |
| LOW | 0.1-3.9 | 🔵 | Low risk, update when convenient |
| UNKNOWN | N/A | ⚪ | Unable to determine severity |
Results are cached for 24 hours by default. CVE information doesn't change frequently, so caching improves performance.
Use --no-cache when:
- Running scheduled security audits
- Recently discovered vulnerabilities may not be cached
- Doing a fresh security assessment
- Setting up CI/CD pipelines
| Code | Meaning |
|---|---|
| 0 | Success (no vulnerabilities found or filtered) |
| 1 | Vulnerabilities found (or error occurred) |
```bash
cd ~/myapp
npx tsx scripts/audit.ts
# Scans package.json and devDependencies
```

```bash
cd ~/myproject
npx tsx scripts/audit.ts . --severity high
# Scans requirements.txt, shows only HIGH and CRITICAL
```

```bash
npx tsx scripts/audit.ts /path/to/go/project --no-cache
# Scans go.mod with latest CVE data
```

```bash
npx tsx scripts/audit.ts --json > audit-report.json
# Machine-readable format for parsing/integration
```

```bash
# Fail if any critical vulnerabilities found
# Note: exit code 1 is also returned when the scan itself fails (see the exit
# codes above), so a broken scan fails the build rather than passing silently.
npx tsx scripts/audit.ts --severity critical
if [ $? -ne 0 ]; then
  echo "Critical vulnerabilities detected!"
  exit 1
fi
```

- Version matching: Uses simple semantic versioning comparison
- Direct dependencies only: Scans only direct dependencies listed in source files (not transitive dependencies from lock files)
- Ruby Gemfile: Only scans gems with explicit version specifications in Gemfile (use Gemfile.lock for complete dependency information)
- Platform-specific vulnerabilities: Shows all known CVEs regardless of platform
- Rate limiting: OpenCVE API may limit requests (automatic backoff handled)
- Accuracy: Depends on CVE database accuracy and product name matching
- Typical scan time: 10-60 seconds (depending on dependency count and network)
- Caching: Significantly reduces repeat scan time
- Parallel searches: Could be optimized with concurrent API requests
- Ensure your project has one of the supported files: `package.json` (Node.js), `requirements.txt` (Python), `Gemfile` (Ruby), `go.mod` (Go), `pom.xml` (Maven)
- Dependency names must match OpenCVE database naming
- Some packages use different names in CVE vs package manager
- Try searching individual dependencies with the `cve-lookup` skill
- Your dependencies may be up-to-date
- Try with `--no-cache` to check the latest database
- Verify dependency files are valid
- Wait a moment and retry
- Use cached results from previous queries
- Reduce severity level to scan fewer CVEs
- cve-lookup: Search for individual CVEs by ID or product name
- Combine with version managers to get patches
- Use results with dependency update tools
- OpenCVE Documentation
- Official CVE Database
- CVSS Scoring Guide
- OWASP Dependency Check - Similar tool for comparison
- npm Audit Documentation
- Python PEP 508 - Dependency specification
Search for Common Vulnerabilities and Exposures (CVEs) with detailed information including severity scores, affected software, and references.
```
npx tsx scripts/lookup.ts [cve-id | --product <name>] [options]
```

| Argument | Required | Description |
|---|---|---|
| `cve-id` | No* | Search by CVE ID (e.g., CVE-2024-1086) |
| `--product` | No* | Search for CVEs affecting a product |

*Either `cve-id` or `--product` must be provided

| Option | Description |
|---|---|
| `--no-cache` | Bypass cache and fetch fresh data |
| `--limit=<n>` | Limit results for product search (default: 10) |
CVE ID Search Output:

```
📋 CVE-2024-1086
Severity: HIGH (7.8)
Published: 2024-01-15 12:30
Modified: 2024-01-20 08:45

Summary:
A buffer overflow vulnerability in Linux kernel network stack...

CVSS v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Software:
1. Linux Kernel - Versions 5.15 to 6.6, 6.7-rc1 to 6.7
   Versions: 5.15.0, 5.16.0, 6.0.0, 6.1.0, 6.2.0 ... and 15 more

Weaknesses: CWE-120 (Buffer Copy without Checking Size of Input)

References:
1. https://nvd.nist.gov/vuln/detail/CVE-2024-1086
2. https://www.cisa.gov/news-events/alerts/2024/01/15/...
3. https://github.com/advisories/GHSA-...
```
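The output above prints both a CVSS v3.1 vector and the score derived from it, and the severity table in the audit section maps such scores to levels. As an added example that is not part of the plugin, the following TypeScript recomputes the base score from a vector string and applies the table's bands, which is useful for checking a score quoted in an alert against its vector. The metric weights and the Roundup rule are those of the CVSS v3.1 specification; the `NONE` band for a score of 0.0 comes from that specification rather than from the page's table.

```typescript
// Added example (not the cve-search plugin's own code): compute a CVSS v3.1 base score from
// the vector string the lookup output prints and map it to the severity levels of the table.
// Weights and the Roundup rule follow the CVSS v3.1 specification; "NONE" (score 0.0) is the
// specification's band and is not listed in the page's severity table.

const AV: Record<string, number> = { N: 0.85, A: 0.62, L: 0.55, P: 0.2 };
const AC: Record<string, number> = { L: 0.77, H: 0.44 };
const PR_UNCHANGED: Record<string, number> = { N: 0.85, L: 0.62, H: 0.27 };  // scope unchanged
const PR_CHANGED: Record<string, number> = { N: 0.85, L: 0.68, H: 0.5 };     // scope changed
const UI: Record<string, number> = { N: 0.85, R: 0.62 };
const CIA: Record<string, number> = { H: 0.56, L: 0.22, N: 0 };
const BASE_METRICS = ["AV", "AC", "PR", "UI", "S", "C", "I", "A"];

export type Severity = "CRITICAL" | "HIGH" | "MEDIUM" | "LOW" | "NONE" | "UNKNOWN";

function weight(table: Record<string, number>, metric: string, value: string): number {
  const w = table[value];
  if (w === undefined) throw new Error(`Unknown value "${value}" for metric ${metric}`);
  return w;
}

// Parse "CVSS:3.1/AV:L/AC:L/..." into a metric map, rejecting vectors that lack a base metric.
export function parseVector(vector: string): Record<string, string> {
  const [prefix, ...parts] = vector.trim().split("/");
  if (prefix !== "CVSS:3.1" && prefix !== "CVSS:3.0") throw new Error(`Unsupported vector prefix: ${prefix}`);
  const metrics: Record<string, string> = {};
  for (const part of parts) {
    const [key, value] = part.split(":");
    if (!key || !value) throw new Error(`Malformed metric "${part}"`);
    metrics[key] = value;
  }
  for (const k of BASE_METRICS) if (!(k in metrics)) throw new Error(`Vector missing base metric ${k}`);
  return metrics;
}

// CVSS v3.1 Roundup: round up to one decimal using the integer form from the specification,
// which avoids floating-point artefacts such as 4.0000001 being rounded up to 4.1.
export function roundUp(x: number): number {
  const i = Math.round(x * 100000);
  return i % 10000 === 0 ? i / 100000 : (Math.floor(i / 10000) + 1) / 10;
}

export function baseScore(vector: string): number {
  const m = parseVector(vector);
  const changed = m.S === "C";
  const iss = 1 - (1 - weight(CIA, "C", m.C)) * (1 - weight(CIA, "I", m.I)) * (1 - weight(CIA, "A", m.A));
  const impact = changed ? 7.52 * (iss - 0.029) - 3.25 * Math.pow(iss - 0.02, 15) : 6.42 * iss;
  const exploitability = 8.22 * weight(AV, "AV", m.AV) * weight(AC, "AC", m.AC)
    * weight(changed ? PR_CHANGED : PR_UNCHANGED, "PR", m.PR) * weight(UI, "UI", m.UI);
  if (impact <= 0) return 0;
  const raw = changed ? 1.08 * (impact + exploitability) : impact + exploitability;
  return roundUp(Math.min(raw, 10));
}

// Severity bands from the table; a missing or non-numeric score is reported as UNKNOWN.
export function severityFromScore(score: number | undefined | null): Severity {
  if (score === undefined || score === null || Number.isNaN(score)) return "UNKNOWN";
  if (score >= 9.0) return "CRITICAL";
  if (score >= 7.0) return "HIGH";
  if (score >= 4.0) return "MEDIUM";
  if (score >= 0.1) return "LOW";
  return "NONE";
}

// Rate a vector in the form the lookup output prints, e.g. "HIGH (7.8)".
export function rate(vector: string): { score: number; severity: Severity; label: string } {
  const score = baseScore(vector);
  const severity = severityFromScore(score);
  return { score, severity, label: `${severity} (${score.toFixed(1)})` };
}
```

For the vector in the output above, `rate("CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H")` yields `HIGH (7.8)`, matching the printed score; a mismatch between a quoted score and its vector usually means the score was copied from a different CVSS version or from a temporal/environmental score.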
```bash
npx tsx scripts/lookup.ts CVE-2024-1086
npx tsx scripts/lookup.ts --product OpenSSL
npx tsx scripts/lookup.ts --product "Apache Struts" --limit 20
```

Run from the cve-search plugin directory: `~/.claude/plugins/cache/cve-search/`
The skill uses OpenCVE API as the primary data source:
- OpenCVE: Lightweight, JSON-based CVE database
- Coverage: Official CVE list with detailed metadata
- Update frequency: Synchronized with official CVE feeds
- No authentication: Public API, free to use
When searching by CVE ID (e.g., CVE-2024-1086):
- Queries OpenCVE API with exact CVE identifier
- Returns complete vulnerability details
- Shows severity, CVSS score, affected products, and references
- Results cached for 24 hours
When searching by product name (e.g., --product OpenSSL):
- Queries OpenCVE API with product search
- Returns matching CVEs (limited to specified count)
- Shows all vulnerabilities affecting that product
- Useful for identifying software risks
Product Search Output:

```
Searching for CVEs affecting "OpenSSL"...
Found 12 CVE(s):

📋 CVE-2023-6129
Severity: HIGH (7.5)
Published: 2023-11-28 12:00
Summary: PKCS #7 Signature Verification Bypass...
[truncated]

📋 CVE-2023-5678
Severity: MEDIUM (5.3)
...
```
```json
{
  "results": [
    {
      "cveid": "CVE-2024-1086",
      "summary": "Buffer overflow in kernel network stack",
      "severity": "HIGH",
      "cvss": 7.8,
      "cvss_v3": {
        "score": 7.8,
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
      },
      "created_at": "2024-01-15T12:30:00Z",
      "updated_at": "2024-01-20T08:45:00Z",
      "vendors": [
        {
          "name": "linux",
          "product": "Linux Kernel",
          "versions": ["5.15.0", "5.16.0", "6.0.0", ...]
        }
      ],
      "references": ["https://nvd.nist.gov/...", "..."],
      "cwe": ["CWE-120"]
    }
  ]
}
```

Check if deployed software has known vulnerabilities:

```bash
npx tsx scripts/lookup.ts --product "Apache Tomcat" --limit 50
```

Quickly look up a CVE mentioned in an alert:

```bash
npx tsx scripts/lookup.ts CVE-2024-1234
```

Verify your project dependencies for known issues:

```bash
npx tsx scripts/lookup.ts --product "jQuery" --limit 20
```

Research a specific vulnerability before patching:

```bash
npx tsx scripts/lookup.ts CVE-2024-1086 --no-cache
```

Results are cached for 24 hours by default. CVE information doesn't change frequently, so caching significantly improves performance.
Use --no-cache when:
- You need the latest CVE information
- Recently patched vulnerabilities may not be in cache
- Doing a fresh security assessment
- Search coverage: Depends on OpenCVE's database (generally comprehensive for official CVE list)
- Real-time updates: Cached for 24 hours (use `--no-cache` for fresh data)
- Product name matching: Uses substring search (may return unrelated CVEs)
- Rate limiting: OpenCVE API has rate limits (automatic backoff implemented)
- Detailed info: Some older CVEs may have incomplete metadata
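Both skills describe the same two behaviours: results are cached for 24 hours unless `--no-cache` is given, and OpenCVE rate limiting is absorbed by automatic backoff. As an added example, not the plugin's own implementation, the TypeScript below shows one way to build that client: a TTL cache with a bypass flag wrapped around a fetch that retries with exponential backoff on HTTP 429 and 5xx. The cache is kept in memory so the example runs offline, the OpenCVE URL shape is an assumption (the page only names the API), and the fetcher, clock and sleep are injectable so the behaviour can be exercised without the network or real delays.

```typescript
// Added example (not the cve-search plugin's own code): a 24-hour TTL cache with a --no-cache
// bypass around a fetch that backs off exponentially on HTTP 429 and 5xx. The cache is in memory
// so the example runs offline; the OpenCVE URL shape is an assumption; fetcher, clock and sleep
// are injectable so tests can replace the network and time.

export const DEFAULT_TTL_MS = 24 * 60 * 60 * 1000;

export interface FetchResponse { status: number; json: () => Promise<unknown> }
export type Fetcher = (url: string) => Promise<FetchResponse>;
export interface ClientOptions {
  ttlMs?: number; maxRetries?: number; baseDelayMs?: number;
  now?: () => number; sleep?: (ms: number) => Promise<void>;
}

// Delay before retry number `attempt` (0-based): base, 2x base, 4x base, ...
export function backoffDelay(attempt: number, baseDelayMs: number): number {
  return baseDelayMs * 2 ** attempt;
}

// The CVE-YYYY-NNNNN format named in the troubleshooting notes (five or more digits allowed).
export function isValidCveId(id: string): boolean {
  return /^CVE-\d{4}-\d{4,}$/.test(id);
}

export class CveClient {
  private readonly cache = new Map<string, { value: unknown; storedAt: number }>();
  private readonly ttlMs: number;
  private readonly maxRetries: number;
  private readonly baseDelayMs: number;
  private readonly now: () => number;
  private readonly sleep: (ms: number) => Promise<void>;
  networkCalls = 0;   // real requests issued, so cache hits and misses are observable

  constructor(private readonly fetcher: Fetcher, opts: ClientOptions = {}) {
    this.ttlMs = opts.ttlMs ?? DEFAULT_TTL_MS;
    this.maxRetries = opts.maxRetries ?? 4;
    this.baseDelayMs = opts.baseDelayMs ?? 500;
    this.now = opts.now ?? Date.now;
    this.sleep = opts.sleep ?? ((ms) => new Promise((resolve) => setTimeout(resolve, ms)));
  }

  // Retry on 429 (rate limited) and 5xx with exponential backoff; fail fast on anything else.
  private async fetchWithBackoff(url: string): Promise<unknown> {
    for (let attempt = 0; ; attempt++) {
      this.networkCalls++;
      const res = await this.fetcher(url);
      if (res.status === 200) return res.json();
      const retryable = res.status === 429 || res.status >= 500;
      if (!retryable || attempt >= this.maxRetries) {
        throw new Error(`OpenCVE request failed: HTTP ${res.status} for ${url}`);
      }
      await this.sleep(backoffDelay(attempt, this.baseDelayMs));
    }
  }

  // Serve from cache while the entry is younger than ttlMs, unless noCache forces a refetch.
  async get(url: string, noCache = false): Promise<unknown> {
    const hit = this.cache.get(url);
    if (!noCache && hit && this.now() - hit.storedAt < this.ttlMs) return hit.value;
    const value = await this.fetchWithBackoff(url);
    this.cache.set(url, { value, storedAt: this.now() });
    return value;
  }

  async lookupCve(cveId: string, noCache = false): Promise<unknown> {
    if (!isValidCveId(cveId)) throw new Error(`Invalid CVE ID format: ${cveId} (expected CVE-YYYY-NNNNN)`);
    return this.get(`https://app.opencve.io/api/cve/${cveId}`, noCache);   // assumed URL shape
  }
}

// Constructed stand-in for the network: rate-limits the first two calls, then returns a canned record.
export function makeFlakyFetcher(): Fetcher {
  let calls = 0;
  return async (url) => {
    calls++;
    if (calls <= 2) return { status: 429, json: async () => ({}) };
    return { status: 200, json: async () => ({ cveid: url.split("/").pop(), severity: "HIGH", cvss: 7.8 }) };
  };
}

// Walks through the cache behaviour with a fake clock and a no-op sleep; returns the call counts.
export async function demo(): Promise<{ record: unknown; afterFirst: number; afterCached: number; afterNoCache: number; afterExpiry: number }> {
  let clock = 0;
  const client = new CveClient(makeFlakyFetcher(), { now: () => clock, sleep: async () => {} });
  const record = await client.lookupCve("CVE-2024-1086");
  const afterFirst = client.networkCalls;     // 3: two 429 responses, then success
  await client.lookupCve("CVE-2024-1086");
  const afterCached = client.networkCalls;    // still 3: served from cache
  await client.lookupCve("CVE-2024-1086", true);
  const afterNoCache = client.networkCalls;   // 4: --no-cache bypasses the cache
  clock = DEFAULT_TTL_MS + 1;
  await client.lookupCve("CVE-2024-1086");
  const afterExpiry = client.networkCalls;    // 5: a 24-hour-old entry is refetched
  return { record, afterFirst, afterCached, afterNoCache, afterExpiry };
}
```

The retry budget is bounded (`maxRetries`) so a sustained rate limit surfaces as an error rather than an indefinite hang, which is the behaviour a CI job needs in order to fail visibly; the "Wait a moment and retry" advice in the troubleshooting notes then applies to the job as a whole.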
| Code | Meaning |
|---|---|
| 0 | Success (CVE found or search completed) |
| 1 | CVE not found or error occurred |
```bash
npx tsx scripts/lookup.ts CVE-2024-1086
# Returns full details of the Linux kernel buffer overflow
```

```bash
npx tsx scripts/lookup.ts --product OpenSSL
# Returns up to 10 OpenSSL CVEs
```

```bash
npx tsx scripts/lookup.ts --product "Django" --limit 30
# Returns up to 30 Django-related CVEs
```

```bash
npx tsx scripts/lookup.ts CVE-2024-1234 --no-cache
# Fetches latest data from OpenCVE API
```

- Use with version checking tools to identify if your installed version is vulnerable
- Combine with security scanning tools for comprehensive vulnerability assessment
- Cross-reference with GitHub Advisories for ecosystem-specific information
- CVE may not yet be in the public database
- Try with `--no-cache` to check the latest database
- Verify CVE ID format: `CVE-YYYY-NNNNN`
- Product name may not match database naming
- Try alternate names (e.g., "Apache HTTP Server" vs "Apache")
- Check OpenCVE documentation for correct product names
- Wait a moment and retry
- Use cached results from previous queries
- Limit number of simultaneous requests