Vulnerability intelligence platform that brings together data from all major vulnerability databases into a single, unified view — so you can stop jumping between sources and start focusing on what actually matters for your security.
Vulnerability data is scattered across dozens of databases, each with its own format, scoring, and coverage gaps. NVD has CVSS scores but lags behind on new CVEs. The CVE Program publishes records first but without enrichment. EPSS predicts exploitability but lives in a separate dataset. Exploit code appears on GitHub, ExploitDB, and Metasploit — none of which talk to each other.
CVE Tools merges all of this into one place.
We continuously sync and cross-reference vulnerability data from:
- CVE Program (CVEList V5) — The authoritative source of CVE records
- NVD (National Vulnerability Database) — NIST CVSS scoring, CPE mappings, and references
- BDU FSTEC — Independent Russian vulnerability database with its own CVSS assessments
- GitHub Security Advisories (GHSA) — Vulnerabilities affecting open-source packages
- CISA KEV — Known Exploited Vulnerabilities catalog — what's actively being attacked right now
- EPSS — Exploit Prediction Scoring System with probability scores and trend history
- MITRE ATT&CK — Threat techniques and tactics mapped to vulnerabilities via CWE associations
- Nuclei Templates — Detection templates from ProjectDiscovery mapped to CVEs
- Exploit sources — ExploitDB, Metasploit, PacketStorm, GitHub PoC repositories
Every CVE record is deduplicated, merged by identifiers, and enriched — giving you a single card with CVSS scores from multiple sources, exploit availability, KEV status, EPSS probability, affected products, and remediation guidance.
Unified CVE Dashboard Browse and filter vulnerabilities with 40+ parameters — by priority, CVSS range, EPSS score, vendor, product, exploit availability, KEV status, ATT&CK tactics, and more.
Smart Search Full-text search across CVE IDs, descriptions, vendors, and products. Natural language search powered by AI — ask questions like "remote code execution in Apache libraries this year" and get relevant results.
Risk Prioritization See at a glance what to patch first. We combine CVSS, EPSS, KEV status, and exploit availability into a unified priority score. When different sources disagree on severity — we flag the discrepancy.
Exploit Tracking Know immediately if a public exploit or PoC exists for a vulnerability — aggregated from ExploitDB, Metasploit, GitHub, and Nuclei templates.
AI-Powered Analysis Chat with an AI analyst about any CVE — get summaries, remediation advice, cross-CVE comparisons, and attack surface analysis in natural language.
Public CVE Pages Every CVE has a public detail page with full information — shareable with your team, no login required.
Attack Surface Mapping Visualize how vulnerabilities connect across your product landscape — products, vendors, techniques, and tactics on an interactive graph.
| MCP Server | Connect CVE Tools to Claude Desktop or Claude Code — query vulnerabilities directly from your AI assistant |
| CLI | Browse, search, and inspect CVEs from your terminal |
| Telegram Bot | Quick lookups and account management via Telegram |
| RSS Feed | Subscribe to real-time vulnerability updates in your feed reader |
| OAuth 2.0 | Sign in with GitHub or Google |
| Repository | Description |
|---|---|
| cli | Command-line interface for querying CVEs |
Stop searching. Start seeing the full picture.