Running cvemap - ProjectDiscovery Documentation

For all of the flags and options available for cvemap be sure to check out the Usage page. On this page we’ll share examples running cvemap with specific flags and goals and the output you can expect from each. If you have questions, reach out to us through Help.

Prerequisites for cvemap

Before using cvemap, you’ll need to get a ProjectDiscovery Cloud Platform (PDCP) account and API key so that you can access the cvemap API data.

Navigate to https://cloud.projectdiscovery.io/ and click “Sign Up” (or “Sign In” if you already have a PDCP account).

Get your PDCP API Key

Once signed into ProjectDiscovery Cloud Platform, you can navigate to https://cloud.projectdiscovery.io/?ref=api_key to find your API Key.

Use the copy button to copy your API Key - we nee dthis to authenticate your install

Authorize cvemap with PDCP

To authenticate your install of cvemap, run

cvemap -auth

When prompted, paste the key you obtained above.

Basic Examples

By default, cvemap lists all the known exploited vulnerabilities based CVEs published by cisa.

List top known exploited vulnerabilities

$ cvemap -limit 10


   ______   _____  ____ ___  ____  ____
  / ___/ | / / _ \/ __ \__ \/ __ \/ __ \
 / /__ | |/ /  __/ / / / / / /_/ / /_/ /
 \___/ |___/\___/_/ /_/ /_/\__,_/ .___/ 
                               /_/
                 
      projectdiscovery.io

| ID            | CVSS | SEVERITY | EPSS    | PRODUCT               | TEMPLATE | AGE |
|---------------|------|----------|---------|-----------------------|----------|-----|
| CVE-2023-5631 | 5.4  | MEDIUM   | 0.00986 | webmail               | ❌       | 18  |
| CVE-2023-5217 | 8.8  | HIGH     | 0.26047 | libvpx                | ❌       | 38  |
| CVE-2023-4966 | 7.5  | HIGH     | 0.92267 | netscaler_application | ✅       | 26  |
| CVE-2023-4863 | 8.8  | HIGH     | 0.4101  | chrome                | ❌       | 54  |
| CVE-2023-46748| 8.8  | HIGH     | 0.00607 |                       | ❌       | 10  |
| CVE-2023-46747| 9.8  | CRITICAL | 0.95304 |                       | ✅       | 10  |
| CVE-2023-46604| 10   | CRITICAL | 0.01596 |                       | ✅       | 9   |
| CVE-2023-44487| 7.5  | HIGH     | 0.52748 | http                  | ❌       | 26  |
| CVE-2023-42824| 7.8  | HIGH     | 0.00062 | ipados                | ❌       | 32  |
| CVE-2023-42793| 9.8  | CRITICAL | 0.97264 | teamcity              | ✅       | 47  |

List top CVEs on HackerOne

List top CVEs being reported on hackerone platform using -h1 or -hackerone option.

$ cvemap -h1

| CVE            | CVSS | SEVERITY | RANK | REPORTS | PRODUCT              | TEMPLATE | AGE  |
|----------------|------|----------|------|---------|----------------------|----------|------|
| CVE-2020-35946 | 5.4  | MEDIUM   | 1    | 304     | all_in_one_seo_pack  | ❌       | 1038 |
| CVE-2023-4966  | 7.5  | HIGH     | 2    | 54      | netscaler_application| ✅       | 26   |
| CVE-2023-22518 | 9.1  | CRITICAL | 3    | 27      |                      | ✅       | 5    |
| CVE-2017-15277 | 6.5  | MEDIUM   | 4    | 1139    | graphicsmagick       | ❌       | 2215 |
| CVE-2023-35813 | 9.8  | CRITICAL | 5    | 54      | experience_commerce  | ✅       | 141  |
| CVE-2022-38463 | 6.1  | MEDIUM   | 6    | 342     | servicenow           | ✅       | 439  |
| CVE-2020-11022 | 6.1  | MEDIUM   | 7    | 209     | jquery               | ❌       | 1285 |
| CVE-2020-11023 | 6.1  | MEDIUM   | 8    | 208     | jquery               | ❌       | 1285 |
| CVE-2023-38205 | 7.5  | HIGH     | 9    | 162     | coldfusion           | ✅       | 52   |
| CVE-2019-11358 | 6.1  | MEDIUM   | 10   | 214     | jquery               | ❌       | 1660 |

cvemap provide multiple ways to query cve data i.e by product, vendor, severity, cpe, assignee, cvss-score, epss-score, age etc, for example:

List all CVEs for Confluence

List all the cves published for Atlassian Confluence:

cvemap -product confluence -l 5

| ID            | CVSS | SEVERITY | EPSS    | PRODUCT    | TEMPLATE |
|---------------|------|----------|---------|------------|----------|
| CVE-2020-4027 | 4.7  | MEDIUM   | 0.00105 | confluence | ❌       |
| CVE-2019-3398 | 8.8  | HIGH     | 0.97342 | confluence | ✅       |
| CVE-2019-3396 | 9.8  | CRITICAL | 0.97504 | confluence | ✅       |
| CVE-2019-3395 | 9.8  | CRITICAL | 0.07038 | confluence | ❌       |
| CVE-2019-3394 | 8.8  | HIGH     | 0.1885  | confluence | ❌       |

As default, cvemap display default / limit fields which can be custizmed and controoled using -field/ -f option, for example:

$ cvemap -severity critical -field assignee,vstatus,poc -l 5

| ID            | CVSS | SEVERITY | EPSS    | PRODUCT          | TEMPLATE | ASSIGNEE               | VSTATUS     | POC   |
|---------------|------|----------|---------|------------------|----------|------------------------|-------------|-------|
| CVE-2023-5843 | 9    | CRITICAL | 0.00053 |                  | ❌       | security@wordfence.com | UNCONFIRMED | FALSE |
| CVE-2023-5832 | 9.1  | CRITICAL | 0.00043 |                  | ❌       | security@huntr.dev     | UNCONFIRMED | FALSE |
| CVE-2023-5824 | 9.6  | CRITICAL | 0.00045 |                  | ❌       | secalert@redhat.com    | UNCONFIRMED | FALSE |
| CVE-2023-5820 | 9.6  | CRITICAL | 0.00047 |                  | ❌       | security@wordfence.com | UNCONFIRMED | FALSE |
| CVE-2023-5807 | 9.8  | CRITICAL | 0.00076 | education_portal | ❌       | cve@usom.gov.tr        | CONFIRMED   | FALSE |

To list cves with matching threshold like, CVSS score or EPSS Score / Percentile, below options can be used:

$ cvemap -silent -cs '> 7' -es '> 0.00053' -l 5

| ID            | CVSS | SEVERITY | EPSS    | PRODUCT                               | TEMPLATE |
|---------------|------|----------|---------|---------------------------------------|----------|
| CVE-2023-5860 | 7.2  | HIGH     | 0.00132 |                                       | ❌       |
| CVE-2023-5843 | 9    | CRITICAL | 0.00053 |                                       | ❌       |
| CVE-2023-5807 | 9.8  | CRITICAL | 0.00076 | education_portal                      | ❌       |
| CVE-2023-5804 | 9.8  | CRITICAL | 0.00063 | nipah_virus_testing_management_system | ❌       |
| CVE-2023-5802 | 8.8  | HIGH     | 0.00058 | wp_knowledgebase                      | ❌       |

To filter cves to match with specifc conditions like, cves has public poc or template and in the list of kev, belows options can beused:

$ cvemap -silent -template=false -poc=true -kev=true -l 5 -f poc,kev

| ID             | CVSS | SEVERITY | EPSS    | PRODUCT | TEMPLATE | POC  | KEV  |
|----------------|------|----------|---------|---------|----------|------|------|
| CVE-2023-5631  | 5.4  | MEDIUM   | 0.00986 | webmail | ❌       | TRUE | TRUE |
| CVE-2023-5217  | 8.8  | HIGH     | 0.26047 | libvpx  | ❌       | TRUE | TRUE |
| CVE-2023-4863  | 8.8  | HIGH     | 0.4101  | chrome  | ❌       | TRUE | TRUE |
| CVE-2023-44487 | 7.5  | HIGH     | 0.52748 | http    | ❌       | TRUE | TRUE |
| CVE-2023-41993 | 9.8  | CRITICAL | 0.00617 | safari  | ❌       | TRUE | TRUE |

Return CVE IDs only

To return only CVE IDs, -lsi or -list-id flag can be used along with existing filter or search of cvemap.

cvemap -kev -limit 10 -list-id

CVE-2024-21887
CVE-2024-0519
CVE-2023-7101
CVE-2023-7024
CVE-2023-6549
CVE-2023-6548
CVE-2023-6448
CVE-2023-6345
CVE-2023-5631
CVE-2023-5217

JSON Output

$ echo CVE-2024-21887 | cvemap -json

[
  {
    "cve_id": "CVE-2024-21887",
    "cve_description": "A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x)  allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.",
    "severity": "critical",
    "cvss_score": 9.1,
    "cvss_metrics": {
      "cvss30": {
        "score": 9.1,
        "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "severity": "critical"
      },
      "cvss31": {
        "score": 9.1,
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "severity": "critical"
      }
    },
    "weaknesses": [
      {
        "cwe_id": "CWE-77",
        "cwe_name": "Improper Neutralization of Special Elements used in a Command ('Command Injection')"
      }
    ],
    "epss": {
      "epss_score": 0.95688,
      "epss_percentile": 0.99289
    },
    "cpe": {
      "cpe": "cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*",
      "vendor": "ivanti",
      "product": "connect_secure"
    },
    "reference": [
      "http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html"
    ],
    "poc": [
      {
        "url": "https://github.com/tucommenceapousser/CVE-2024-21887",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-20T19:15:23Z"
      },
      {
        "url": "https://github.com/mickdec/CVE-2023-46805_CVE-2024-21887_scan_grouped",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-19T08:11:31Z"
      },
      {
        "url": "https://github.com/seajaysec/Ivanti-Connect-Around-Scan",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-19T02:12:11Z"
      },
      {
        "url": "https://github.com/raminkarimkhani1996/CVE-2023-46805_CVE-2024-21887",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-18T13:25:46Z"
      },
      {
        "url": "https://github.com/TheRedDevil1/Check-Vulns-Script",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-17T10:29:02Z"
      },
      {
        "url": "https://github.com/Chocapikk/CVE-2024-21887",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-16T20:59:38Z"
      },
      {
        "url": "https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-16T19:40:59Z"
      },
      {
        "url": "https://github.com/rxwx/pulse-meter",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-16T19:19:52Z"
      },
      {
        "url": "https://github.com/oways/ivanti-CVE-2024-21887",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-14T09:25:56Z"
      }
    ],
    "vendor_advisory": "https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US",
    "is_template": true,
    "nuclei_templates": {
      "template_path": "http/cves/2024/CVE-2024-21887.yaml",
      "template_url": "https://cloud.projectdiscovery.io/public/CVE-2024-21887",
      "created_at": "2024-01-17T02:23:45+05:30",
      "updated_at": "2024-01-16T21:14:22Z"
    },
    "is_exploited": true,
    "kev": {
      "added_date": "2024-01-10",
      "due_date": "2024-01-22"
    },
    "assignee": "support@hackerone.com",
    "published_at": "2024-01-12T17:15:10.017",
    "updated_at": "2024-01-22T17:15:09.523",
    "hackerone": {
      "rank": 6345,
      "count": 0
    },
    "age_in_days": 10,
    "vuln_status": "modified",
    "is_poc": true,
    "is_remote": false,
    "is_oss": false,
    "vulnerable_cpe": [
      "cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.6:r2:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.1:r6:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.2:r3:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.3:r3:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.4:r2:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.4:r2.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.5:r2.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:*"
    ]
  }
]

Advanced Filters

You can combine filters with a -q query to match multiple filters. For example:

cvemap -q '"remote code execution" 2023 is_remote:true is_poc:true sort_asc:age_in_days'

| ID            | CVSS | SEVERITY | EPSS    | PRODUCT | TEMPLATE | POC  | KEV  |
|---------------|------|----------|---------|---------|----------|------|------|
| CVE-2023-5631 | 5.4  | MEDIUM   | 0.00986 | webmail | ❌       | TRUE | TRUE |
| CVE-2023-5217 | 8.8  | HIGH     | 0.26047 | libvpx  | ❌       | TRUE | TRUE |
| CVE-2023-4863 | 8.8  | HIGH     | 0.4101  | chrome  | ❌       | TRUE | TRUE |
| CVE-2023-44487| 7.5  | HIGH     | 0.52748 | http    | ❌       | TRUE | TRUE |
| CVE-2023-41993| 9.8  | CRITICAL | 0.00617 | safari  | ❌       | TRUE | TRUE |

You can see the documentation for all available filters below:

Metadata

age_in_days

number

Age of the CVE

assignee

string

The assignee for this CVE.

Typically this is an email address such as security@apache.org or cve@mitre.org

cve_description

string

The description of the CVE from the NVD

cve_id

string

The CVE ID for a specific CVE such as CVE-2019-7070

cvss_score

number

The CVSS v3.0 score for this CloseEvent. Example: 8.8

is_exploited

boolean

Is the CVE marked as a Known Exploited Vulnerability (KEV)

is_oss

boolean

Is this CVE in open source software with OSS data available?

is_poc

boolean

Is there a Proof of Concept (POC) available for this CVE?

.is_remote

boolean

Is this CVE remotely exploitable?

is_template

boolean

Is there a Nuclei Template available for this CVE?

patch_url

string

The URL for the patch for this CVE.

Example: https://helpx.adobe.com/security/products/acrobat/apsb19-07.html

published_at

datetime

The published date and time for this CVE. Example: 2019-05-24T19:29:02.080

reference

string

The URL reference for this CVE.

Example: https://www.zerodayinitiative.com/advisories/ZDI-19-210/

severity

string

The CVSS 3.0 severity for this CVE. Example: severity

updated_at

datetime

The last date and time that this CVE was updated. Example: 2019-08-21T16:20:31.353

vendor_advisory

string

The URL for the vendor advisory for this CVE.

Example: vendor_advisory

vuln_status

string

The vulnerability status this CVE. Example: confirmed

vulnerable_cpe

string

The CPE string for this CVE. Example: cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*

CPE Data

Common Platform Enumeration (CPE) Data

cpe

Common Platform Enumeration Object

cpe

string

The full Common Platform Enumeration String. Example:

cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*

framework

string

Common Platform Enumeration framework. Example: wordpress

product

string

Common Platform Enumeration product. Example: acrobat_dc

vendor

string

Common Platform Enumeration vendor. Example: adobe

CVSS Data

Common Vulnerability Scoring System (CVSS) Data

cvss_metrics

CVSS Object

EPSS Data

Use After FreeExploit Prediction Scoring System (EPSS) Data

epss

EPSS Object

HackerOne Data

hackerone

hackerone Object

KVE Data

Known Exploited Vulnerability (KEV) Data

kev

KVE Object

Nuclei Template Data

nuclei_templates

Nuclei Template Object

Open Source Software (OSS) Data

oss

OSS Object

Proof of Concept (POC) Data

poc

POC Object

Shodan Data

shodan

Shodan Object

CWE Data

Common Weakness Enumeration (CWE) Data

weaknesses

CWE Object

Tools

​Prerequisites for cvemap

​Basic Examples

​List top known exploited vulnerabilities

​List top CVEs on HackerOne

​List all CVEs for Confluence

​Return CVE IDs only

​JSON Output

​Advanced Filters

​Metadata

​CPE Data

​CVSS Data

​EPSS Data

​HackerOne Data

​KVE Data

​Nuclei Template Data

​Open Source Software (OSS) Data

​Proof of Concept (POC) Data

​Shodan Data

​CWE Data

Prerequisites for cvemap

Basic Examples

List top known exploited vulnerabilities

List top CVEs on HackerOne

List all CVEs for Confluence

Return CVE IDs only

JSON Output

Advanced Filters

Metadata

CPE Data

CVSS Data

EPSS Data

HackerOne Data

KVE Data

Nuclei Template Data

Open Source Software (OSS) Data

Proof of Concept (POC) Data

Shodan Data

CWE Data