CVE Lookup

CVSS score, CISA KEV status, weaknesses, and references — straight from NVD, nothing added.

How it works

The ID is queried against the National Vulnerability Database 2.0 API and shown as-is: the highest-version CVSS metric available, the CISA Known Exploited Vulnerabilities entry when one exists, CWE weakness classifications, and primary references. Results are cached for 24 hours; nothing is editorialized or invented.

FAQ

What does a KEV entry mean?

CISA has confirmed the vulnerability is actively exploited in the wild. KEV listing plus a due date outranks a raw CVSS number for patch prioritization — a 7.8 in KEV usually matters more than a 9.8 that isn't.

Why does a brand-new CVE show no score?

NVD analysis lags disclosure — new CVEs sit "Awaiting Analysis" with no CVSS for days or weeks. The tool shows exactly what NVD has; check vendor advisories in the references meanwhile.