Claude-skill-registry cve-search
Searches the NIST NVD database for CVE vulnerabilities using API 2.0. Returns CVE details, CVSS scores, affected software, and references. Use when user asks about "CVE", "vulnerability database", "NIST", "NVD", "security advisory", "CVE-2024", "CVE-2023", "脆弱性", "セキュリティアドバイザリ", or wants to find known vulnerabilities for specific software.
install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/cve-search" ~/.claude/skills/majiayu000-claude-skill-registry-cve-search && rm -rf "$T"
manifest:
skills/data/cve-search/SKILL.mdsource content
CVE Search 🔍💰
Search the National Vulnerability Database for known vulnerabilities. Every CVE you find in your target's stack is potential bounty money.
Why CVE Hunting Matters
You: "They're running jQuery 3.4.1" NVD: "CVE-2020-11023 - XSS in jQuery < 3.5.0" You: "That's a free $500-$2,000 finding"
Quick Start
# Search by keyword (e.g., software name) cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "jquery" # Search by specific CVE ID cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --cve "CVE-2021-44228" # Search by CWE (find all XSS CVEs) cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --cwe "CWE-79" # Search by severity cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "apache" --severity "CRITICAL" # Recent CVEs (last 30 days) cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "wordpress" --days 30 # JSON output cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "react" --json
API Parameters
| Parameter | Description | Example |
|---|---|---|
| Search term (software, vendor) | |
| Specific CVE ID | |
| CWE ID filter | |
| CVSS v3 severity | |
| Published in last N days | |
| Max results (default 10) | |
Severity Levels
| Severity | CVSS Score | Bounty Potential |
|---|---|---|
| CRITICAL | 9.0 - 10.0 | $5,000 - $50,000+ |
| HIGH | 7.0 - 8.9 | $2,000 - $10,000 |
| MEDIUM | 4.0 - 6.9 | $500 - $3,000 |
| LOW | 0.1 - 3.9 | $100 - $500 |
Response Format
### CVE-2021-44228 (Log4Shell) 💰💰💰 **Severity**: CRITICAL (10.0) **Bounty Estimate**: $10,000 - $50,000+ **Summary**: Apache Log4j2 allows RCE via JNDI lookup in log messages... **Affected Versions**: - Apache Log4j 2.0-beta9 to 2.14.1 **CWE**: CWE-502 (Deserialization of Untrusted Data) **Attack Vector**: - Network exploitable - No authentication required - User interaction: None **References**: - https://nvd.nist.gov/vuln/detail/CVE-2021-44228 - https://logging.apache.org/log4j/2.x/security.html **Exploit Available**: Yes (public exploits exist)
Hunting Workflow
- Identify Stack: What software/versions is the target using?
- Search NVD: Look for CVEs affecting those versions
- Assess Impact: Can you actually exploit it on the target?
- Document: Include CVE reference in your report
Rate Limiting
- Public API: 5 requests per 30 seconds
- With API Key: 50 requests per 30 seconds
The script automatically handles rate limiting with delays.
Pro Tips
Stack Fingerprinting
# Check JavaScript libraries curl -s target.com | grep -oE '(jquery|react|angular|vue)[^"]*\.js' # Check response headers curl -I target.com | grep -i 'x-powered-by\|server' # Then search for CVEs npx cve-search --keyword "nginx 1.18"
High-Value Targets
# Log4j (still paying out) npx cve-search --cve "CVE-2021-44228" # Spring4Shell npx cve-search --cve "CVE-2022-22965" # Recent critical CVEs npx cve-search --severity "CRITICAL" --days 90
CWE-based Hunting
# Find all SQL injection CVEs npx cve-search --cwe "CWE-89" --keyword "wordpress" # Find all XSS CVEs for jQuery npx cve-search --cwe "CWE-79" --keyword "jquery"
Output Fields
| Field | Description |
|---|---|
| CVE identifier |
| Vulnerability summary |
| CRITICAL/HIGH/MEDIUM/LOW |
| CVSS v3 base score |
| Related CWE identifiers |
| Affected software/versions |
| Links to advisories/patches |
| Publication date |
| Whether public exploit exists |