AgentSkillsCN

cve-lookup

按 ID(如 CVE-2024-1086)或产品名称(如 OpenSSL、Apache Tomcat)搜索常见漏洞与暴露(CVE)。获取详细的漏洞信息,包括严重性评分、受影响的软件版本以及相关参考文献。当用户希望查询 CVE 信息、检查某产品是否存在已知漏洞,或深入研究安全问题时,可使用此功能。

SKILL.md
--- frontmatter
name: cve-lookup
description: Search for Common Vulnerabilities and Exposures (CVEs) by ID (e.g., CVE-2024-1086) or by product name (e.g., OpenSSL, Apache Tomcat). Get detailed vulnerability information including severity scores, affected software versions, and references. Use when the user wants to look up CVE information, check if a product has known vulnerabilities, or research security issues.

CVE Vulnerability Lookup

Search for Common Vulnerabilities and Exposures (CVEs) with detailed information including severity scores, affected software, and references.

Usage

bash
npx tsx scripts/lookup.ts [cve-id | --product <name>] [options]

Arguments

ArgumentRequiredDescription
cve-idNo*Search by CVE ID (e.g., CVE-2024-1086)
--productNo*Search for CVEs affecting a product

*Either cve-id or --product must be provided

Options

OptionDescription
--no-cacheBypass cache and fetch fresh data
--limit=<n>Limit results for product search (default: 10)

Output

CVE ID Search Output:

code
📋 CVE-2024-1086
Severity: HIGH (7.8)
Published: 2024-01-15 12:30
Modified: 2024-01-20 08:45

Summary:
  A buffer overflow vulnerability in Linux kernel network stack...

CVSS v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Software:
  1. Linux Kernel - Versions 5.15 to 6.6, 6.7-rc1 to 6.7
     Versions: 5.15.0, 5.16.0, 6.0.0, 6.1.0, 6.2.0 ... and 15 more

Weaknesses: CWE-120 (Buffer Copy without Checking Size of Input)

References:
  1. https://nvd.nist.gov/vuln/detail/CVE-2024-1086
  2. https://www.cisa.gov/news-events/alerts/2024/01/15/...
  3. https://github.com/advisories/GHSA-...

Quick Start

bash
npx tsx scripts/lookup.ts CVE-2024-1086
npx tsx scripts/lookup.ts --product OpenSSL
npx tsx scripts/lookup.ts --product "Apache Struts" --limit 20

Run from the cve-search plugin directory: ~/.claude/plugins/cache/cve-search/

Data Sources

The skill uses OpenCVE API as the primary data source:

  • OpenCVE: Lightweight, JSON-based CVE database
  • Coverage: Official CVE list with detailed metadata
  • Update frequency: Synchronized with official CVE feeds
  • No authentication: Public API, free to use

How It Works

CVE ID Lookup

When searching by CVE ID (e.g., CVE-2024-1086):

  1. Queries OpenCVE API with exact CVE identifier
  2. Returns complete vulnerability details
  3. Shows severity, CVSS score, affected products, and references
  4. Results cached for 24 hours

Product Search

When searching by product name (e.g., --product OpenSSL):

  1. Queries OpenCVE API with product search
  2. Returns matching CVEs (limited to specified count)
  3. Shows all vulnerabilities affecting that product
  4. Useful for identifying software risks

Output Format

CVE ID Search Output

code
📋 CVE-2024-1086
Severity: HIGH (7.8)
Published: 2024-01-15 12:30
Modified: 2024-01-20 08:45

Summary:
  A buffer overflow vulnerability in Linux kernel network stack...

CVSS v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Software:
  1. Linux Kernel - Versions 5.15 to 6.6, 6.7-rc1 to 6.7
     Versions: 5.15.0, 5.16.0, 6.0.0, 6.1.0, 6.2.0 ... and 15 more

Weaknesses: CWE-120 (Buffer Copy without Checking Size of Input)

References:
  1. https://nvd.nist.gov/vuln/detail/CVE-2024-1086
  2. https://www.cisa.gov/news-events/alerts/2024/01/15/...
  3. https://github.com/advisories/GHSA-...

Product Search Output

code
Searching for CVEs affecting "OpenSSL"...

Found 12 CVE(s):

📋 CVE-2023-6129
Severity: HIGH (7.5)
Published: 2023-11-28 12:00

Summary: PKCS #7 Signature Verification Bypass...
[truncated]

📋 CVE-2023-5678
Severity: MEDIUM (5.3)
...

API Response Format

OpenCVE Response Structure

json
{
  "results": [
    {
      "cveid": "CVE-2024-1086",
      "summary": "Buffer overflow in kernel network stack",
      "severity": "HIGH",
      "cvss": 7.8,
      "cvss_v3": {
        "score": 7.8,
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
      },
      "created_at": "2024-01-15T12:30:00Z",
      "updated_at": "2024-01-20T08:45:00Z",
      "vendors": [
        {
          "name": "linux",
          "product": "Linux Kernel",
          "versions": ["5.15.0", "5.16.0", "6.0.0", ...]
        }
      ],
      "references": ["https://nvd.nist.gov/...", "..."],
      "cwe": ["CWE-120"]
    }
  ]
}

Use Cases

Security Audit

Check if deployed software has known vulnerabilities:

bash
npx tsx scripts/lookup.ts --product "Apache Tomcat" --limit 50

Incident Response

Quickly look up a CVE mentioned in an alert:

bash
npx tsx scripts/lookup.ts CVE-2024-1234

Dependency Scanning

Verify your project dependencies for known issues:

bash
npx tsx scripts/lookup.ts --product "jQuery" --limit 20

Vulnerability Assessment

Research a specific vulnerability before patching:

bash
npx tsx scripts/lookup.ts CVE-2024-1086 --no-cache

Caching

Results are cached for 24 hours by default. CVE information doesn't change frequently, so caching significantly improves performance.

Use --no-cache when:

  • You need the latest CVE information
  • Recently patched vulnerabilities may not be in cache
  • Doing a fresh security assessment

Limitations

  • Search coverage: Depends on OpenCVE's database (generally comprehensive for official CVE list)
  • Real-time updates: Cached for 24 hours (use --no-cache for fresh data)
  • Product name matching: Uses substring search (may return unrelated CVEs)
  • Rate limiting: OpenCVE API has rate limits (automatic backoff implemented)
  • Detailed info: Some older CVEs may have incomplete metadata

Exit Codes

CodeMeaning
0Success (CVE found or search completed)
1CVE not found or error occurred

Examples

Find a specific vulnerability

bash
npx tsx scripts/lookup.ts CVE-2024-1086
# Returns full details of the Linux kernel buffer overflow

Search for vulnerabilities in OpenSSL

bash
npx tsx scripts/lookup.ts --product OpenSSL
# Returns up to 10 OpenSSL CVEs

Get all recent Django vulnerabilities

bash
npx tsx scripts/lookup.ts --product "Django" --limit 30
# Returns up to 30 Django-related CVEs

Fresh lookup bypassing cache

bash
npx tsx scripts/lookup.ts CVE-2024-1234 --no-cache
# Fetches latest data from OpenCVE API

Related Skills

  • Use with version checking tools to identify if your installed version is vulnerable
  • Combine with security scanning tools for comprehensive vulnerability assessment
  • Cross-reference with GitHub Advisories for ecosystem-specific information

Troubleshooting

"CVE not found"

  • CVE may not yet be in the public database
  • Try with --no-cache to check latest database
  • Verify CVE ID format: CVE-YYYY-NNNNN

No results for product search

  • Product name may not match database naming
  • Try alternate names (e.g., "Apache HTTP Server" vs "Apache")
  • Check OpenCVE documentation for correct product names

Rate limit error

  • Wait a moment and retry
  • Use cached results from previous queries
  • Limit number of simultaneous requests

References