Vulnerability lifecycle management including CVE tracking, CVSS scoring, risk prioritization, remediation workflows, and coordinated disclosure practices
View on GitHubplugins/security/skills/vulnerability-management/SKILL.md
January 21, 2026
Select agents to install to:
npx add-skill https://github.com/melodic-software/claude-code-plugins/blob/main/plugins/security/skills/vulnerability-management/SKILL.md -a claude-code --skill vulnerability-managementInstallation paths:
.claude/skills/vulnerability-management/# Vulnerability Management End-to-end vulnerability lifecycle from discovery through remediation and verification. ## When to Use This Skill **Keywords:** vulnerability management, CVE, CVSS, remediation, patching, risk prioritization, EPSS, KEV, vulnerability disclosure, bug bounty, patch management, vulnerability scanning, asset inventory **Use this skill when:** - Setting up vulnerability management programs - Interpreting CVSS scores and metrics - Prioritizing vulnerability remediation - Designing patch management processes - Implementing vulnerability disclosure programs - Managing bug bounty programs - Tracking CVE/CWE/NVD data - Creating SLA policies for remediation ## Quick Decision Tree 1. **Understanding vulnerability scores?** → See [CVSS Scoring](#cvss-scoring-overview) 2. **Prioritizing what to fix first?** → See [Risk-Based Prioritization](#risk-based-prioritization) 3. **Designing remediation workflow?** → See [references/remediation-workflow.md](references/remediation-workflow.md) 4. **Setting up disclosure program?** → See [Vulnerability Disclosure](#vulnerability-disclosure) 5. **CVSS calculation details?** → See [references/cvss-scoring.md](references/cvss-scoring.md) ## Vulnerability Lifecycle ```text ┌─────────────────────────────────────────────────────────────────┐ │ VULNERABILITY MANAGEMENT LIFECYCLE │ ├─────────────────────────────────────────────────────────────────┤ │ │ │ DISCOVER ──▶ ASSESS ──▶ PRIORITIZE ──▶ REMEDIATE ──▶ VERIFY │ │ │ │ │ │ │ │ │ ▼ ▼ ▼ ▼ ▼ │ │ ┌───────┐ ┌───────┐ ┌────────┐ ┌────────┐ ┌────────┐ │ │ │Scanner│ │CVSS │ │Risk │ │Patch/ │ │Rescan/ │ │ │ │Pentest│ │Context│ │Matrix │ │Config │ │Validate│ │ │ │Bug │ │Assets │ │EPSS+KEV│ │Mitigate│ │Close │ │ │