Search for Common Vulnerabilities and Exposures (CVEs) by ID (e.g., CVE-2024-1086) or by product name (e.g., OpenSSL, Apache Tomcat). Get detailed vulnerability information including severity scores, affected software versions, and references. Use when the user wants to look up CVE information, check if a product has known vulnerabilities, or research security issues.
View on GitHubplugins/cve-search/skills/cve-lookup/SKILL.md
January 23, 2026
Select agents to install to:
npx add-skill https://github.com/Mearman/marketplace/blob/main/plugins/cve-search/skills/cve-lookup/SKILL.md -a claude-code --skill cve-lookupInstallation paths:
.claude/skills/cve-lookup/# CVE Vulnerability Lookup
Search for Common Vulnerabilities and Exposures (CVEs) with detailed information including severity scores, affected software, and references.
## Usage
```bash
npx tsx scripts/lookup.ts [cve-id | --product <name>] [options]
```
### Arguments
| Argument | Required | Description |
|----------|----------|-------------|
| `cve-id` | No*| Search by CVE ID (e.g., CVE-2024-1086) |
| `--product` | No* | Search for CVEs affecting a product |
*Either `cve-id` or `--product` must be provided
### Options
| Option | Description |
|--------|-------------|
| `--no-cache` | Bypass cache and fetch fresh data |
| `--limit=<n>` | Limit results for product search (default: 10) |
### Output
CVE ID Search Output:
```
๐ CVE-2024-1086
Severity: HIGH (7.8)
Published: 2024-01-15 12:30
Modified: 2024-01-20 08:45
Summary:
A buffer overflow vulnerability in Linux kernel network stack...
CVSS v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Software:
1. Linux Kernel - Versions 5.15 to 6.6, 6.7-rc1 to 6.7
Versions: 5.15.0, 5.16.0, 6.0.0, 6.1.0, 6.2.0 ... and 15 more
Weaknesses: CWE-120 (Buffer Copy without Checking Size of Input)
References:
1. https://nvd.nist.gov/vuln/detail/CVE-2024-1086
2. https://www.cisa.gov/news-events/alerts/2024/01/15/...
3. https://github.com/advisories/GHSA-...
```
## Quick Start
```bash
npx tsx scripts/lookup.ts CVE-2024-1086
npx tsx scripts/lookup.ts --product OpenSSL
npx tsx scripts/lookup.ts --product "Apache Struts" --limit 20
```
Run from the cve-search plugin directory: `~/.claude/plugins/cache/cve-search/`
## Data Sources
The skill uses **OpenCVE API** as the primary data source:
- **OpenCVE**: Lightweight, JSON-based CVE database
- **Coverage**: Official CVE list with detailed metadata
- **Update frequency**: Synchronized with official CVE feeds
- **No authentication**: Public API, free to use
## How It Works
### CVE ID Lookup
When searching by CVE ID (e.g., `CVE-2024-1086`):
1.