CVE Lookup
Search the National Vulnerability Database for any CVE, vendor, or product. Severity, CVSS, affected systems, references — the vendor-risk check every MSP runs before onboarding.
Why this exists
Vendor-risk diligence used to be a paid product. CVE intel, CVSS scoring, exploitability windows — all wrapped behind enterprise-pricing UIs. The data is public; NIST has been publishing the National Vulnerability Database since 2005 and exposes it via a REST API. The wrapper is what's expensive.
For your audience: paste a vendor's product name before the procurement call. If the last 90 days have a critical with a metasploit module, that's the conversation, not the demo.
Frequently asked questions
What does CVE Lookup search?
The U.S. National Vulnerability Database (NVD) for any CVE ID, vendor, product, or keyword. Returns severity (CVSS score and vector), affected configurations (CPE strings), reference URLs (vendor advisories, exploit DBs, patches), and publication date.
What's the source authority?
NIST NVD, the U.S. government's authoritative CVE database. Each entry is enriched from the underlying CVE Mitre record with NIST scoring and CPE matching. Updated within hours of new CVE assignments.
Diligence use case?
MSP/IT-vendor risk diligence (does this vendor's stack have known critical CVEs unpatched?), pre-onboarding vendor questionnaire context, journalism on breach root causes, and incident-response triage. Pair with CISA KEV for the 'actively exploited in the wild' filter.