How do I search for a specific CVE vulnerability?

You can search by CVE ID by running the lookup script followed by the identifier, for example: npx tsx scripts/lookup.ts CVE-2024-1086.

Can I check all vulnerabilities for a specific software product?

Yes, use the --product flag followed by the product name, such as 'OpenSSL' or 'Apache Tomcat', to list all matching vulnerabilities.

Where does the vulnerability data come from?

The skill utilizes the OpenCVE API, which aggregates data from official CVE feeds and the NIST National Vulnerability Database.

How do I ensure I am seeing the most recent security data?

While the skill caches results for 24 hours to improve speed, you can use the --no-cache flag to bypass the cache and fetch fresh data from the API.

Is an API key required to use CVE lookup?

No, this skill uses the public OpenCVE API which does not require authentication, making it ready to use immediately after installation.

CVE Vulnerability Lookup

Name: CVE Vulnerability Lookup
Author: Mearman

byMearman

•

安全与测试

Retrieves detailed information about Common Vulnerabilities and Exposures (CVEs) and affected software versions directly within your development environment.

关于

The CVE Vulnerability Lookup skill enables developers and security researchers to perform rapid security assessments by querying the OpenCVE database. It provides comprehensive metadata for specific vulnerability IDs or entire product lines, including CVSS severity scores, affected version ranges, and direct links to mitigation references. This tool is essential for identifying risks in project dependencies, conducting security audits, and streamlining incident response workflows without leaving the terminal.

主要功能

Discover all known CVEs affecting a particular software product or vendor
Local 24-hour caching system with a manual bypass for real-time updates
Search for specific vulnerabilities using standard CVE identifiers
View detailed CVSS v3.1 severity scores and impact vectors
Identify specific software version ranges impacted by security flaws
2 GitHub stars

使用场景

Verifying the security posture of third-party dependencies before integration
Researching remediation steps and references during active incident response
Auditing production software stacks for known security vulnerabilities

关于

主要功能

Discover all known CVEs affecting a particular software product or vendor
Local 24-hour caching system with a manual bypass for real-time updates
Search for specific vulnerabilities using standard CVE identifiers
View detailed CVSS v3.1 severity scores and impact vectors
Identify specific software version ranges impacted by security flaws
2 GitHub stars

使用场景

Verifying the security posture of third-party dependencies before integration
Researching remediation steps and references during active incident response
Auditing production software stacks for known security vulnerabilities