CVE Lookup — CIRCL Vulnerability Database Search

CVE IDs provide stable names for publicly disclosed vulnerabilities across vendors, scanners, and regulators. A scanner finding referencing CVE-2023-44487 sends everyone to the same advisory corpus regardless of tool vendor. Our lookup retrieves human-readable summary text explaining impact in plain language where CIRCL indexed it.

CVE assignment does not automatically mean exploit exists in your environment — applicability depends on installed versions, configurations, and compensating controls.

We query cve.circl.lu — a widely used community vulnerability API mirroring and enriching NVD content. Responses include summary, scoring, and references consolidated for programmatic access. API availability and freshness follow CIRCL operational status.

When CIRCL returns not found, the CVE may be reserved, rejected, or not yet synchronized. Retry later or consult NVD directly for embargo-period disclosures.

Results may include legacy cvss float and cvssVector alongside cvssV3 and cvssV3Vector. Modern prioritization prefers CVSS v3.1 base scores reflecting scope and impact nuances v2 lacked. Compare both when legacy scanner output still references v2.

Use cvss-calculator to reproduce v3.1 base scores from metric components when explaining severity to non-technical stakeholders or validating scanner-assigned vectors.

CWE identifiers categorize vulnerability types — CWE-79 cross-site scripting, CWE-89 SQL injection, CWE-787 out-of-bounds write. cwe field in results supports trend analysis across ticket backlogs and training focus areas.

CWE alone does not specify affected file or function — it guides remediation patterns and secure coding checklist selection.

references array lists up to fifteen URLs from the CIRCL record — vendor advisories, GitHub commits, analysis blogs, and CERT notes. Follow vendor links for patched versions, workaround steps, and reboot requirements scanners omit.

Archive reference URLs in change tickets for audit trails. Links may rot — capture key version numbers in ticket body text.

published timestamps mark initial disclosure visibility. modified reflects subsequent score or description updates as analysis matured. Timeline fields help SLA tracking from public disclosure to patch deployment.

Embargo releases may show sudden modified spikes when details expand post-coordinated disclosure.

SOC analysts paste CVE IDs from alert metadata into lookup for instant context before escalation. Patch teams batch IDs from weekly scanner exports through API integration for CMDB enrichment.

Combine with shodan-quick-view when assessing internet-exposed services potentially running vulnerable software versions — exposure plus CVE severity drives priority.

CVE lookup retrieves authoritative published scores for assigned CVEs. cvss-calculator computes base scores interactively from chosen metric values — useful for draft CVEs, training, or validating vector arithmetic.

Scores should match when vectors align. M discrepancies suggest modified environmental scores or version differences.

Not every security bug receives CVE assignment. Zero-days during active exploitation may lack public records temporarily. Configuration weaknesses and logic flaws often fall outside CVE scope.

Treat lookup as one input to risk assessment — asset criticality and exposure matter equally.

CVE lookups query public vulnerability databases — no target infrastructure scanning occurs. CVE IDs are public identifiers safe to share in documentation.

Reference links may point to third-party analyses — follow organizational URL filtering policies when opening externally.