Command-line utility to scan the system and report on potential vulnerabilities, based on public CVE data
C Shell XSLT Perl Makefile M4 Other
Switch branches/tags
Nothing to show
Clone or download
sjvermeu Merge pull request #28 from DerDakon/ignore-invalid
skip lines with invalid cpe types in pullcves
Latest commit 0f1ae26 May 4, 2017


The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning a list of installed software and matching results with the CVE database. This is not a bullet-proof method and you will have many false positives (ie: vulnerability is fixed with a revision-release, but the tool isn't able to detect the revision itself), yet it is still better than nothing, especially if you are running a distribution with little security coverage.


  1. Initalize the SQLite3 Database
    ~# cvechecker -i

  2. Load CVE and version matching rules
    ~$ pullcves pull

  3. Generate List of Files to scan
    ~$ find / -type f -perm -o+x > scanlist.txt ~$ echo "/proc/version" >> scanlist.txt

  4. Gather List of Installed Software/Versions
    ~$ cvechecker -b scanlist.txt

  5. Output Matching CVE Entries
    ~$ cvechecker -r

More detailed installation information available via the installation docs.
The homepage for this project.