CVE Search 🔍💰
Search the National Vulnerability Database for known vulnerabilities. Every CVE you find in your target's stack is potential bounty money.
Why CVE Hunting Matters
You: "They're running jQuery 3.4.1"
NVD: "CVE-2020-11023 - XSS in jQuery < 3.5.0"
You: "That's a free $500-$2,000 finding"
Quick Start
# Search by keyword (e.g., software name)
cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "jquery"
# Search by specific CVE ID
cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --cve "CVE-2021-44228"
# Search by CWE (find all XSS CVEs)
cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --cwe "CWE-79"
# Search by severity
cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "apache" --severity "CRITICAL"
# Recent CVEs (last 30 days)
cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "wordpress" --days 30
# JSON output
cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "react" --json
API Parameters
| Parameter | Description | Example |
|---|
--keyword | Search term (software, vendor) | --keyword "react" |
--cve | Specific CVE ID | --cve "CVE-2023-12345" |
--cwe | CWE ID filter | --cwe "CWE-89" |
--severity | CVSS v3 severity | --severity "HIGH" |
--days | Published in last N days | --days 90 |
--limit | Max results (default 10) | --limit 20 |
Severity Levels
| Severity | CVSS Score | Bounty Potential |
|---|
| CRITICAL | 9.0 - 10.0 | $5,000 - $50,000+ |
| HIGH | 7.0 - 8.9 | $2,000 - $10,000 |
| MEDIUM | 4.0 - 6.9 | $500 - $3,000 |
| LOW | 0.1 - 3.9 | $100 - $500 |
Response Format
### CVE-2021-44228 (Log4Shell) 💰💰💰
**Severity**: CRITICAL (10.0)
**Bounty Estimate**: $10,000 - $50,000+
**Summary**:
Apache Log4j2 allows RCE via JNDI lookup in log messages...
**Affected Versions**:
- Apache Log4j 2.0-beta9 to 2.14.1
**CWE**: CWE-502 (Deserialization of Untrusted Data)
**Attack Vector**:
- Network exploitable
- No authentication required
- User interaction: None
**References**:
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
- https://logging.apache.org/log4j/2.x/security.html
**Exploit Available**: Yes (public exploits exist)
Hunting Workflow
- Identify Stack: What software/versions is the target using?
- Search NVD: Look for CVEs affecting those versions
- Assess Impact: Can you actually exploit it on the target?
- Document: Include CVE reference in your report
Rate Limiting
- Public API: 5 requests per 30 seconds
- With API Key: 50 requests per 30 seconds
The script automatically handles rate limiting with delays.
Pro Tips
Stack Fingerprinting
# Check JavaScript libraries
curl -s target.com | grep -oE '(jquery|react|angular|vue)[^"]*\.js'
# Check response headers
curl -I target.com | grep -i 'x-powered-by\|server'
# Then search for CVEs
npx cve-search --keyword "nginx 1.18"
High-Value Targets
# Log4j (still paying out)
npx cve-search --cve "CVE-2021-44228"
# Spring4Shell
npx cve-search --cve "CVE-2022-22965"
# Recent critical CVEs
npx cve-search --severity "CRITICAL" --days 90
CWE-based Hunting
# Find all SQL injection CVEs
npx cve-search --cwe "CWE-89" --keyword "wordpress"
# Find all XSS CVEs for jQuery
npx cve-search --cwe "CWE-79" --keyword "jquery"
Output Fields
| Field | Description |
|---|
id | CVE identifier |
description | Vulnerability summary |
severity | CRITICAL/HIGH/MEDIUM/LOW |
score | CVSS v3 base score |
cwes | Related CWE identifiers |
affected | Affected software/versions |
references | Links to advisories/patches |
published | Publication date |
exploitAvailable | Whether public exploit exists |
External Resources
