All numbers are live. Our sync pipeline pulls the latest CVE data from GitHub's CVEProject repository and enriches it automatically.
The latest critical vulnerabilities discovered in the wild. These CVEs scored 9.0+ on CVSS and were published in the last 24–48 hours. Each one is automatically enriched with exploit data, affected products, and ATT&CK mappings the moment it enters our pipeline.
4 new critical CVEs in the last 24 hours
Accordion and Accordion Slider 1.4.6 - Injected Backdoor
SiYuan: Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCE
@fastify/middie vulnerable to middleware authentication bypass in child plugin scopes
The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payme...
Riaxe Product Customizer <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Options Update to Privilege Escalation via 'install-imprint' AJAX Action
Search across 325.8K CVEs by ID, description, vendor, CWE, or natural language query. Powered by semantic search — describe what you're looking for, and we'll find it.
CVE Tools is not just a database — it's a complete vulnerability intelligence workstation. Every CVE is enriched, linked, and queryable through multiple interfaces.
Continuously synced from the official CVEProject repository. Every record includes CVSS scores, affected products, CPE identifiers, CWE weaknesses, and full version range details. Filter by severity, vendor, date range, exploit availability, and more.
Automatically discovers and links proof-of-concept exploits from GitHub repositories, ExploitDB entries, and Metasploit modules. Know instantly which CVEs have weaponized code available — and how mature it is.
Community-maintained and AI-generated Nuclei scanner templates mapped to specific CVEs. Use them to validate whether your infrastructure is affected, or generate new templates with the AI assistant.
Every CVE includes its EPSS (Exploit Prediction Scoring System) score from FIRST.org, updated regularly. Prioritize remediation by real-world exploit probability — not just theoretical severity.
Tracks the Known Exploited Vulnerabilities catalog maintained by CISA. Flag CVEs that are confirmed exploited in the wild and that US federal agencies are mandated to patch.
Interactive visualization mapping products to CVEs to MITRE ATT&CK techniques and kill chain stages. Understand not just what's vulnerable — but how an attacker would chain it.
Chat with an AI security analyst about any CVE. Ask for impact analysis, get remediation recommendations, compare vulnerabilities, generate detection rules, or query the database in plain English.
Integrate CVE Tools into your workflow. Use the Model Context Protocol server with Claude, Cursor, or any MCP-compatible tool. Or call the REST API directly from your scripts, SIEM, or ticketing system.
From a searchable database with deep filters to an AI analyst you can talk to — every screen is built for security teams that need answers fast.
250,000+ CVEs with a sidebar packed with filters. Combine KEV status, exploit availability, EPSS range, CWE, vendor, attack vector, and date range. Sub-50ms results via Typesense.
This graph is built automatically from the 3 most recent critical CVEs in our database. It maps affected products through vulnerabilities to MITRE ATT&CK techniques and kill chain stages — showing not just what's broken, but how it could be exploited.
siyuan-note/siyuan
SiYuan: Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCE
Openfind/MailAudit
Openfind|MailGates/MailAudit - Stack-based Buffer Overflow
imprintnext/Riaxe Product Customizer
Riaxe Product Customizer <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Options Update to Privilege Escalation via 'install-imprint' AJAX Action
This graph updates automatically when new critical CVEs are discovered and enriched.
We continuously scan multiple exploit sources and link them to CVEs in our database. When a new proof-of-concept appears on GitHub, a Metasploit module gets published, or a Nuclei template is created — we pick it up and connect it to the right vulnerability automatically.
Exploit data is refreshed alongside CVE sync. New links appear within hours of public disclosure.
Our database covers CVEs from 1999 to present. The chart below shows accepted CVE counts by publication year. The current year updates in real time as new vulnerabilities are published and synced.
The most frequently affected vendors in our database — and counting.
CVE Tools aggregates, enriches, and structures vulnerability data from authoritative sources. Every record passes through our parsing, scoring, and enrichment pipeline before entering the database.
Official CVE database from CVE Numbering Authorities. Synced from GitHub repository.
NIST National Vulnerability Database. CVSS scoring, CPE matching, and CWE classification.
Russian FSTEC vulnerability database. Independent severity assessments and remediation data.
GitHub Security Advisories. OSV-format advisories with ecosystem-specific impact data.
ProjectDiscovery scanner templates. Actionable detection rules linked to CVEs.
CISA Known Exploited Vulnerabilities catalog. Confirmed active exploitation in the wild.
OSV, VulnDB, and ZDI integrations are in development. New sources are added as modular pipeline stages.
Each CVE is parsed, scored by CVSS, classified by priority, matched to affected products via CPE, and enriched with exploit and threat intelligence data.
Only CVEs meeting the severity threshold (CVSS ≥ 7.0 by default) are accepted into the database. Reserved and disputed entries are excluded.
Distribution across 325,834 accepted CVEs
Create a free account to access the full CVE database, AI-powered analysis, exploit intelligence, attack surface visualization, and API integrations. No credit card required.