cve-lookup

by Mearman

Plugin marketplace distributing extensions that add skills, commands, hooks and custom agents to the code environment.

2🍴 0📅 Jan 23, 2026

SKILL.md


name: cve-lookup
description: Search for Common Vulnerabilities and Exposures (CVEs) by ID (e.g., CVE-2024-1086) or by product name (e.g., OpenSSL, Apache Tomcat). Get detailed vulnerability information including severity scores, affected software versions, and references. Use when the user wants to look up CVE information, check if a product has known vulnerabilities, or research security issues.

CVE Vulnerability Lookup

Search for Common Vulnerabilities and Exposures (CVEs) with detailed information including severity scores, affected software, and references.

Usage

npx tsx scripts/lookup.ts [cve-id | --product <name>] [options]

Arguments

Argument    Required  Description
cve-id      No*       Search by CVE ID (e.g., CVE-2024-1086)
--product   No*       Search for CVEs affecting a product

*Either cve-id or --product must be provided

Options

Option        Description
--no-cache    Bypass cache and fetch fresh data
--limit=<n>   Limit results for product search (default: 10)

Quick Start

npx tsx scripts/lookup.ts CVE-2024-1086
npx tsx scripts/lookup.ts --product OpenSSL
npx tsx scripts/lookup.ts --product "Apache Struts" --limit 20

Run from the cve-search plugin directory: ~/.claude/plugins/cache/cve-search/

Data Sources

The skill uses OpenCVE API as the primary data source:

  • OpenCVE: Lightweight, JSON-based CVE database
  • Coverage: Official CVE list with detailed metadata
  • Update frequency: Synchronized with official CVE feeds
  • No authentication: Public API, free to use

How It Works

CVE ID Lookup

When searching by CVE ID (e.g., CVE-2024-1086):

  1. Queries OpenCVE API with exact CVE identifier
  2. Returns complete vulnerability details
  3. Shows severity, CVSS score, affected products, and references
  4. Results cached for 24 hours

When searching by product name (e.g., --product OpenSSL):

  1. Queries OpenCVE API with product search
  2. Returns matching CVEs (limited to specified count)
  3. Shows all vulnerabilities affecting that product
  4. Useful for identifying software risks

Output Format

CVE ID Search Output

📋 CVE-2024-1086
Severity: HIGH (7.8)
Published: 2024-01-15 12:30
Modified: 2024-01-20 08:45

Summary:
  A buffer overflow vulnerability in Linux kernel network stack...

CVSS v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Software:
  1. Linux Kernel - Versions 5.15 to 6.6, 6.7-rc1 to 6.7
     Versions: 5.15.0, 5.16.0, 6.0.0, 6.1.0, 6.2.0 ... and 15 more

Weaknesses: CWE-120 (Buffer Copy without Checking Size of Input)

References:
  1. https://nvd.nist.gov/vuln/detail/CVE-2024-1086
  2. https://www.cisa.gov/news-events/alerts/2024/01/15/...
  3. https://github.com/advisories/GHSA-...

Product Search Output

Searching for CVEs affecting "OpenSSL"...

Found 12 CVE(s):

📋 CVE-2023-6129
Severity: HIGH (7.5)
Published: 2023-11-28 12:00

Summary: PKCS #7 Signature Verification Bypass...
[truncated]

📋 CVE-2023-5678
Severity: MEDIUM (5.3)
...

API Response Format

OpenCVE Response Structure

{
  "results": [
    {
      "cveid": "CVE-2024-1086",
      "summary": "Buffer overflow in kernel network stack",
      "severity": "HIGH",
      "cvss": 7.8,
      "cvss_v3": {
        "score": 7.8,
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
      },
      "created_at": "2024-01-15T12:30:00Z",
      "updated_at": "2024-01-20T08:45:00Z",
      "vendors": [
        {
          "name": "linux",
          "product": "Linux Kernel",
          "versions": ["5.15.0", "5.16.0", "6.0.0", ...]
        }
      ],
      "references": ["https://nvd.nist.gov/...", "..."],
      "cwe": ["CWE-120"]
    }
  ]
}
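
A severity label is only useful if the score behind it is consistent, so before triaging on `cvss_v3.score` it is worth checking that it agrees with `cvss_v3.vector`. The TypeScript below is an added example, not part of the plugin: it recomputes the CVSS v3.1 base score from the vector string using the published specification formulas, and its function names are hypothetical.

```typescript
// Added example, not the plugin's code. Weights and formulas follow the
// FIRST CVSS v3.1 specification; only the eight base metrics are scored.
const CIA_WEIGHTS = { H: 0.56, L: 0.22, N: 0 };
const CVSS_WEIGHTS: Record<string, Record<string, number>> = {
  AV: { N: 0.85, A: 0.62, L: 0.55, P: 0.2 },
  AC: { L: 0.77, H: 0.44 },
  UI: { N: 0.85, R: 0.62 },
  C: CIA_WEIGHTS, I: CIA_WEIGHTS, A: CIA_WEIGHTS,
};
// Privileges Required is weighted differently when Scope is Changed.
const PR_WEIGHTS: Record<string, Record<string, number>> = {
  U: { N: 0.85, L: 0.62, H: 0.27 },
  C: { N: 0.85, L: 0.68, H: 0.5 },
};
// Spec rounding: smallest one-decimal value >= x, done on integers.
function cvssRoundUp(x: number): number {
  const scaled = Math.round(x * 100000);
  return scaled % 10000 === 0 ? scaled / 100000 : (Math.floor(scaled / 10000) + 1) / 10;
}

function cvss31BaseScore(vector: string): number {
  const parts = vector.split("/");
  if (parts[0] !== "CVSS:3.1") throw new Error("not a CVSS v3.1 vector");
  const metrics: Record<string, string> = {};
  for (const part of parts.slice(1)) {
    const [key, value] = part.split(":");
    if (!key || !value || key in metrics) throw new Error("bad metric: " + part);
    metrics[key] = value;
  }
  const weight = (name: string, table = CVSS_WEIGHTS[name]): number => {
    const w = table ? table[metrics[name] ?? ""] : undefined;
    if (w === undefined) throw new Error("missing or invalid metric " + name);
    return w;
  };
  const scope = metrics["S"];
  if (scope !== "U" && scope !== "C") throw new Error("missing or invalid S");
  const iss = 1 - (1 - weight("C")) * (1 - weight("I")) * (1 - weight("A"));
  const impact = scope === "U" ? 6.42 * iss
    : 7.52 * (iss - 0.029) - 3.25 * Math.pow(iss - 0.02, 15);
  const exploitability =
    8.22 * weight("AV") * weight("AC") * weight("PR", PR_WEIGHTS[scope]) * weight("UI");
  if (impact <= 0) return 0;
  const raw = scope === "U" ? impact + exploitability : 1.08 * (impact + exploitability);
  return cvssRoundUp(Math.min(raw, 10));
}
// True when the score the API reports agrees with its own vector string.
function scoreMatchesVector(entry: { score: number; vector: string }): boolean {
  return cvss31BaseScore(entry.vector) === entry.score;
}
```

A mismatch between the two fields is a reason to re-fetch with --no-cache or to consult the referenced advisory before acting on the severity.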

Use Cases

Security Audit

Check if deployed software has known vulnerabilities:

npx tsx scripts/lookup.ts --product "Apache Tomcat" --limit 50

Incident Response

Quickly look up a CVE mentioned in an alert:

npx tsx scripts/lookup.ts CVE-2024-1234

Dependency Scanning

Verify your project dependencies for known issues:

npx tsx scripts/lookup.ts --product "jQuery" --limit 20

Vulnerability Assessment

Research a specific vulnerability before patching:

npx tsx scripts/lookup.ts CVE-2024-1086 --no-cache

Caching

Results are cached for 24 hours by default. CVE information doesn't change frequently, so caching significantly improves performance.

Use --no-cache when:

  • You need the latest CVE information
  • The cached entry may not yet reflect a recently patched vulnerability
  • You are doing a fresh security assessment

Limitations

  • Search coverage: Depends on OpenCVE's database (generally comprehensive for official CVE list)
  • Real-time updates: Cached for 24 hours (use --no-cache for fresh data)
  • Product name matching: Uses substring search (may return unrelated CVEs)
  • Rate limiting: OpenCVE API has rate limits (automatic backoff implemented)
  • Detailed info: Some older CVEs may have incomplete metadata
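
Because product search is a substring match, results need a second pass before they drive patching decisions. The added example below (not the plugin's code) narrows results to one exact product using the `vendors[].product` field from the response structure above and checks an installed version against `vendors[].versions`; the function names, placeholder CVE IDs and sample data are constructed for illustration.

```typescript
// Added example, not the plugin's code. Field names follow the response
// structure documented on this page; all sample data below is constructed.
interface VendorEntry { name: string; product: string; versions: string[] }
interface CveEntry { cveid: string; cvss: number; vendors: VendorEntry[] }
interface TriageRow { cveid: string; cvss: number; versionListed: boolean }

// Compare product names case-insensitively, ignoring spacing and separators.
function normalizeProduct(s: string): string {
  return s.trim().toLowerCase().replace(/[\s_-]+/g, " ");
}

// Keep only CVEs whose vendors[] entry names exactly the wanted product,
// flag whether the installed version is listed, and sort worst-first.
function triageProductResults(
  results: CveEntry[], product: string, installed: string
): TriageRow[] {
  const wanted = normalizeProduct(product);
  const rows: TriageRow[] = [];
  for (const cve of results) {
    const hits = cve.vendors.filter((v) => normalizeProduct(v.product) === wanted);
    if (hits.length === 0) continue; // substring-only match: unrelated product
    const versionListed = hits.some((v) => v.versions.indexOf(installed) !== -1);
    rows.push({ cveid: cve.cveid, cvss: cve.cvss, versionListed });
  }
  return rows.sort((a, b) => b.cvss - a.cvss);
}

// Constructed results for a search on "Apache" (placeholder IDs and versions).
const sampleResults: CveEntry[] = [
  { cveid: "CVE-0000-0001", cvss: 5.3, vendors: [
    { name: "apache", product: "Apache Tomcat", versions: ["9.0.0", "9.0.1"] }] },
  { cveid: "CVE-0000-0002", cvss: 9.8, vendors: [
    { name: "apache", product: "Apache Struts", versions: ["2.5.0"] }] },
  { cveid: "CVE-0000-0003", cvss: 7.5, vendors: [
    { name: "apache", product: "apache_tomcat", versions: ["10.1.0"] }] },
];

const triaged = triageProductResults(sampleResults, "Apache Tomcat", "9.0.1");
console.log(triaged);
```

A version missing from `versions` is not proof of safety, since some older CVEs may have incomplete metadata; treat `versionListed: false` as "unconfirmed" and check the vendor advisory.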

Exit Codes

Code  Meaning
0     Success (CVE found or search completed)
1     CVE not found or error occurred

Examples

Find a specific vulnerability

npx tsx scripts/lookup.ts CVE-2024-1086
# Returns full details of the Linux kernel buffer overflow

Search for vulnerabilities in OpenSSL

npx tsx scripts/lookup.ts --product OpenSSL
# Returns up to 10 OpenSSL CVEs

Get all recent Django vulnerabilities

npx tsx scripts/lookup.ts --product "Django" --limit 30
# Returns up to 30 Django-related CVEs

Fresh lookup bypassing cache

npx tsx scripts/lookup.ts CVE-2024-1234 --no-cache
# Fetches latest data from OpenCVE API

  • Use with version checking tools to identify if your installed version is vulnerable
  • Combine with security scanning tools for comprehensive vulnerability assessment
  • Cross-reference with GitHub Advisories for ecosystem-specific information

Troubleshooting

"CVE not found"

  • CVE may not yet be in the public database
  • Try with --no-cache to check latest database
  • Verify CVE ID format: CVE-YYYY-NNNNN
  • Product name may not match database naming
  • Try alternate names (e.g., "Apache HTTP Server" vs "Apache")
  • Check OpenCVE documentation for correct product names

Rate limit error

  • Wait a moment and retry
  • Use cached results from previous queries
  • Limit number of simultaneous requests
