Back to Skills

cve-lookup

verified

Search for Common Vulnerabilities and Exposures (CVEs) by ID (e.g., CVE-2024-1086) or by product name (e.g., OpenSSL, Apache Tomcat). Get detailed vulnerability information including severity scores, affected software versions, and references. Use when the user wants to look up CVE information, check if a product has known vulnerabilities, or research security issues.

View on GitHub

Marketplace

mearman

Mearman/marketplace

Plugin

cve-search

Repository

Mearman/marketplace
2stars

plugins/cve-search/skills/cve-lookup/SKILL.md

Last Verified

January 23, 2026

Install Skill

Select agents to install to:

Scope:
npx add-skill https://github.com/Mearman/marketplace/blob/main/plugins/cve-search/skills/cve-lookup/SKILL.md -a claude-code --skill cve-lookup

Installation paths:

Claude
.claude/skills/cve-lookup/
Powered by add-skill CLI

Instructions

# CVE Vulnerability Lookup

Search for Common Vulnerabilities and Exposures (CVEs) with detailed information including severity scores, affected software, and references.

## Usage

```bash
npx tsx scripts/lookup.ts [cve-id | --product <name>] [options]
```

### Arguments

| Argument | Required | Description |
|----------|----------|-------------|
| `cve-id` | No*| Search by CVE ID (e.g., CVE-2024-1086) |
| `--product` | No* | Search for CVEs affecting a product |

*Either `cve-id` or `--product` must be provided

### Options

| Option | Description |
|--------|-------------|
| `--no-cache` | Bypass cache and fetch fresh data |
| `--limit=<n>` | Limit results for product search (default: 10) |

### Output

CVE ID Search Output:
```
๐Ÿ“‹ CVE-2024-1086
Severity: HIGH (7.8)
Published: 2024-01-15 12:30
Modified: 2024-01-20 08:45

Summary:
  A buffer overflow vulnerability in Linux kernel network stack...

CVSS v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Software:
  1. Linux Kernel - Versions 5.15 to 6.6, 6.7-rc1 to 6.7
     Versions: 5.15.0, 5.16.0, 6.0.0, 6.1.0, 6.2.0 ... and 15 more

Weaknesses: CWE-120 (Buffer Copy without Checking Size of Input)

References:
  1. https://nvd.nist.gov/vuln/detail/CVE-2024-1086
  2. https://www.cisa.gov/news-events/alerts/2024/01/15/...
  3. https://github.com/advisories/GHSA-...
```

## Quick Start

```bash
npx tsx scripts/lookup.ts CVE-2024-1086
npx tsx scripts/lookup.ts --product OpenSSL
npx tsx scripts/lookup.ts --product "Apache Struts" --limit 20
```

Run from the cve-search plugin directory: `~/.claude/plugins/cache/cve-search/`

## Data Sources

The skill uses **OpenCVE API** as the primary data source:
- **OpenCVE**: Lightweight, JSON-based CVE database
- **Coverage**: Official CVE list with detailed metadata
- **Update frequency**: Synchronized with official CVE feeds
- **No authentication**: Public API, free to use

## How It Works

### CVE ID Lookup
When searching by CVE ID (e.g., `CVE-2024-1086`):
1.

Validation Details

Front Matter
Required Fields
Valid Name Format
Valid Description
Has Sections
Allowed Tools
Instruction Length:
6865 chars