badchars
by badchars

Server Configuration

Describes the environment variables required to run the server.

Name | Required | Description | Default
NVD_API_KEY | No | Optional API key to increase NVD rate limit from 5 to 50 requests per 30 seconds. |
GITHUB_TOKEN | No | Optional GitHub token to enable GitHub Advisory search with higher rate limits (5000 requests per hour instead of 60). |

Capabilities

Features and capabilities supported by this server

Capability | Details
tools | { "listChanged": true }

Tools

Functions exposed to the LLM to take actions

Name | Description
nvd_search (A) | Search the NVD (National Vulnerability Database) for CVEs by keyword, CVSS severity, CWE ID, or date range. Returns matching CVEs with CVSS scores, descriptions, and affected products.
nvd_get (A) | Get full details for a specific CVE from NVD — CVSS score, severity, CWE, affected products (CPE), references, and status.
nvd_recent (A) | Get recently published or modified CVEs from NVD. Useful for monitoring new vulnerabilities.
cve_by_product (A) | Search CVEs by vendor or product name. Uses NVD keyword exact match to find all vulnerabilities for a specific technology (e.g., 'Apache Log4j', 'Microsoft Exchange').
epss_score (A) | Get EPSS (Exploit Prediction Scoring System) score for one or more CVEs. Returns the probability of exploitation within 30 days and percentile ranking.
epss_top (A) | Get the top CVEs ranked by EPSS exploitation probability. Shows the most likely-to-be-exploited vulnerabilities.
kev_check (A) | Check if CVE(s) are in CISA's Known Exploited Vulnerabilities (KEV) catalog. KEV entries are actively exploited in the wild and require urgent patching.
kev_search (A) | Search CISA KEV catalog by vendor, product, or keyword. Find known exploited vulnerabilities for specific technologies.
kev_recent (A) | Get recently added entries to CISA KEV catalog. Monitor for newly confirmed actively-exploited vulnerabilities.
ghsa_search (A) | Search GitHub Advisory Database for security advisories. Filter by ecosystem (npm, pip, maven, etc.), severity, or CVE/GHSA ID.
ghsa_get (A) | Get full details of a GitHub security advisory by GHSA ID or CVE ID. Includes affected packages, CVSS, and patch information.
osv_query (B) | Query Google OSV for known vulnerabilities affecting a specific package version. Supports all major ecosystems (npm, PyPI, Maven, Go, etc.).
osv_get (A) | Get full vulnerability details from OSV by ID. Accepts OSV IDs (OSV-xxx), GHSA IDs (GHSA-xxx), CVE IDs (CVE-xxx), or ecosystem-specific IDs (PYSEC-xxx, RUSTSEC-xxx).
osv_batch (A) | Batch query OSV for vulnerabilities across multiple packages at once. Efficient for scanning a dependency list.
exploit_search (A) | Search for public PoC exploits and exploit code for a CVE on GitHub. Returns repositories with proof-of-concept code, sorted by stars.
cwe_lookup (A) | Look up a CWE (Common Weakness Enumeration) by ID or search by keyword. Returns name, description, and category for the top 40+ most common CWEs.
cvss_parse (A) | Parse a CVSS v3.x vector string into a human-readable breakdown. Explains each metric, calculates the base score, and provides a plain-English summary.
cve_enrich (A) | Full CVE enrichment — queries NVD, EPSS, KEV, GitHub Advisory, and OSV in parallel for comprehensive vulnerability intelligence. Returns CVSS, exploitation probability, KEV status, affected packages, and a computed risk score.
cve_prioritize (A) | Rank a list of CVEs by exploitation risk. Combines CVSS score, EPSS probability, and KEV status into a unified risk score. Higher score = patch first.
cve_trending (A) | Get currently trending/hot CVEs — vulnerabilities with the highest exploitation probability right now. Combines EPSS scores with NVD details and KEV status.
cve_compare (A) | Compare two CVEs side by side. Shows CVSS, EPSS, KEV status, affected products, and risk scores with a comparison summary highlighting which is more dangerous.
cve_list_sources (A) | List all vulnerability data sources and their current availability. Shows which APIs are reachable and whether optional API keys are configured.
cve_report (A) | Generate a markdown vulnerability report for a list of CVEs. Includes NVD details, EPSS scores, KEV status, and remediation priority.

Prompts

Interactive templates invoked by user choice

Name | Description

No prompts

Resources

Contextual data attached and managed by the client

Name | Description

No resources

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/badchars/cve-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.