| name | cve-search |
| description | Searches the NIST NVD database for CVE vulnerabilities using API 2.0. Returns CVE details, CVSS scores, affected software, and references. Use when user asks about "CVE", "vulnerability database", "NIST", "NVD", "security advisory", "CVE-2024", "CVE-2023", "脆弱性", "セキュリティアドバイザリ", or wants to find known vulnerabilities for specific software. |
CVE Search 🔍💰
Search the National Vulnerability Database for known vulnerabilities. Every CVE you find in your target's stack is potential bounty money.
Why CVE Hunting Matters
You: "They're running jQuery 3.4.1"
NVD: "CVE-2020-11023 - XSS in jQuery < 3.5.0"
You: "That's a free $500-$2,000 finding"
Quick Start
# Search by keyword (e.g., software name)
cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "jquery"
# Search by specific CVE ID
cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --cve "CVE-2021-44228"
# Search by CWE (find all XSS CVEs)
cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --cwe "CWE-79"
# Search by severity
cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "apache" --severity "CRITICAL"
# Recent CVEs (last 30 days)
cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "wordpress" --days 30
# JSON output
cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "react" --json
API Parameters
| Parameter |
Description |
Example |
--keyword |
Search term (software, vendor) |
--keyword "react" |
--cve |
Specific CVE ID |
--cve "CVE-2023-12345" |
--cwe |
CWE ID filter |
--cwe "CWE-89" |
--severity |
CVSS v3 severity |
--severity "HIGH" |
--days |
Published in last N days |
--days 90 |
--limit |
Max results (default 10) |
--limit 20 |
Severity Levels
| Severity |
CVSS Score |
Bounty Potential |
| CRITICAL |
9.0 - 10.0 |
$5,000 - $50,000+ |
| HIGH |
7.0 - 8.9 |
$2,000 - $10,000 |
| MEDIUM |
4.0 - 6.9 |
$500 - $3,000 |
| LOW |
0.1 - 3.9 |
$100 - $500 |
Response Format
### CVE-2021-44228 (Log4Shell) 💰💰💰
**Severity**: CRITICAL (10.0)
**Bounty Estimate**: $10,000 - $50,000+
**Summary**:
Apache Log4j2 allows RCE via JNDI lookup in log messages...
**Affected Versions**:
- Apache Log4j 2.0-beta9 to 2.14.1
**CWE**: CWE-502 (Deserialization of Untrusted Data)
**Attack Vector**:
- Network exploitable
- No authentication required
- User interaction: None
**References**:
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
- https://logging.apache.org/log4j/2.x/security.html
**Exploit Available**: Yes (public exploits exist)
Hunting Workflow
- Identify Stack: What software/versions is the target using?
- Search NVD: Look for CVEs affecting those versions
- Assess Impact: Can you actually exploit it on the target?
- Document: Include CVE reference in your report
Rate Limiting
- Public API: 5 requests per 30 seconds
- With API Key: 50 requests per 30 seconds
The script automatically handles rate limiting with delays.
Pro Tips
Stack Fingerprinting
# Check JavaScript libraries
curl -s target.com | grep -oE '(jquery|react|angular|vue)[^"]*\.js'
# Check response headers
curl -I target.com | grep -i 'x-powered-by\|server'
# Then search for CVEs
npx cve-search --keyword "nginx 1.18"
High-Value Targets
# Log4j (still paying out)
npx cve-search --cve "CVE-2021-44228"
# Spring4Shell
npx cve-search --cve "CVE-2022-22965"
# Recent critical CVEs
npx cve-search --severity "CRITICAL" --days 90
CWE-based Hunting
# Find all SQL injection CVEs
npx cve-search --cwe "CWE-89" --keyword "wordpress"
# Find all XSS CVEs for jQuery
npx cve-search --cwe "CWE-79" --keyword "jquery"
Output Fields
| Field |
Description |
id |
CVE identifier |
description |
Vulnerability summary |
severity |
CRITICAL/HIGH/MEDIUM/LOW |
score |
CVSS v3 base score |
cwes |
Related CWE identifiers |
affected |
Affected software/versions |
references |
Links to advisories/patches |
published |
Publication date |
exploitAvailable |
Whether public exploit exists |
External Resources