Search the National Vulnerability Database in real time. Look up CVE IDs by name, keyword, vendor, CVSS severity or publication year — fast, free and developer-friendly.
A focused, fast and free CVE lookup experience — no signup, no rate limits from our side, just direct access to the NIST National Vulnerability Database.
Every query hits the official NVD REST API v2 — no stale caches, no outdated records. You see what NIST sees.
Filter by CVE ID, keyword, vendor, CVSS v3 severity, publication year or custom date range for precise triage.
Instantly see base scores, severity bands (Low/Medium/High/Critical) and vector strings for every CVE.
Save frequently tracked CVEs in your browser. Your last searches are remembered locally for quick re-runs.
Download any CVE record as a clean JSON file for SIEM ingestion, ticketing systems or offline analysis.
No accounts, no tracking pixels, no third-party analytics. Your searches stay between you and NIST.
Responsive layout that fits any screen — research vulnerabilities on the go from phone, tablet or desktop.
Browse beyond the first 20 results with built-in pagination, perfect for vendor-wide investigations.
No installation, no API key, no learning curve. Just type and search.
Provide a CVE ID like CVE-2024-1234, or use a keyword such as a vendor or product name.
Optionally narrow results by CVSS severity, publication year or custom date range.
We securely proxy your request to the NVD API v2 and parse the response in real time.
Read descriptions, scores and references. Bookmark, copy or export any CVE as JSON.
Quick answers about CVEs, this tool and the underlying data source.
Cybersecurity professionals, developers and IT administrators constantly face an evolving threat landscape where new software vulnerabilities emerge daily. The Common Vulnerabilities and Exposures (CVE) system, maintained by the MITRE Corporation and enriched by the National Institute of Standards and Technology (NIST) through the National Vulnerability Database (NVD), provides a standardised reference list for publicly known security flaws. Each CVE entry receives a unique identifier (such as CVE-2024-12345) that allows security teams worldwide to communicate unambiguously about specific vulnerabilities.
Performing a CVE lookup is essential for patch management, threat intelligence, compliance audits and incident response workflows. Our free CVE Vulnerability Lookup tool simplifies this process by querying the NVD API in real time, returning accurate details about CVSS scores, affected products, vendors and remediation references. Whether you are investigating a single CVE ID by name or scanning for recent flaws impacting a particular vendor like Microsoft, Apache or Cisco, the cve search experience here is fast, mobile-friendly and developer-ready.
A vulnerability, in information security terms, refers to a weakness in a system that an attacker could exploit to compromise confidentiality, integrity or availability. Common categories include injection flaws such as SQL injection and cross-site scripting (XSS), broken authentication, sensitive data exposure, XML external entity (XXE), broken access control, security misconfiguration, cross-site request forgery (CSRF) and insecure deserialisation. Each published CVE typically includes a Common Vulnerability Scoring System (CVSS) score ranging from 0.0 to 10.0, with severity bands of Low (0.1–3.9), Medium (4.0–6.9), High (7.0–8.9) and Critical (9.0–10.0).
CVE Examples : cve-2026-31431, cve-2025-55182, cve-2025-53770, cve-2025-59287, cve-2021-44228, cve-2025-20352, cve-2026-21509, cve-2025-20333, cve-2013-3900, cve-2025-43300, cve-2024-3094, cve-2025-32463, cve-2025-61882 etc.
Knowing how to test vulnerabilities effectively requires combining CVE intelligence with active scanning tools such as website penetration testing utilities, TLS version checkers, SQL injection testers and CORS validators — all of which complement a robust defence-in-depth strategy. Our cve list search helps you triage findings by filtering results based on publication date, severity tier and keyword, so you can quickly prioritise remediation efforts. Security teams often integrate CVE feeds into SIEM platforms and ticketing systems, but a quick manual lookup remains the fastest way to verify advisory details during an active investigation.
What is a CVE exactly, and why does it matter? Beyond being an identifier, a CVE record is a community-curated knowledge artefact linking advisories, exploit databases, patches and vendor bulletins. When you perform a cve lookup here, you tap into this rich context without leaving your browser. The NVD enrichment layer adds CPE (Common Platform Enumeration) mappings so you can determine whether a specific version of software in your environment is affected. For organisations tracking compliance with frameworks like PCI-DSS, HIPAA, ISO 27001 or the NIST Cybersecurity Framework, demonstrable vulnerability management depends on referencing accurate CVE data.
If you are wondering how to test whether your infrastructure is exposed, start by listing all running software versions, then search each one in this CVE lookup tool, export the results to JSON, and cross-reference with internal asset inventories. Bookmarking frequently monitored CVE IDs in your browser helps accelerate recurring patch cycles. As threat actors increasingly weaponise fresh CVEs within hours of disclosure, the ability to perform a quick cve search becomes a critical operational capability rather than a nice-to-have convenience. Use this tool alongside our other security testing utilities — such as the SSL/TLS tester, CSRF tester, clickjacking tester and website safety checker — to build a complete picture of your attack surface. Stay proactive, stay patched, and let accurate CVE intelligence guide your security decisions every single day.
Browse our complete toolkit of penetration testing utilities, AI-powered testers and developer helpers — all free, all in your browser.
Disclaimer: All trademarks, service marks, product names and brand references (including but not limited to NVD, NIST, MITRE, CVE, CVSS, Microsoft, Apache, Cisco, Oracle, Linux and other vendor names) are the property of their respective owners. Mention of any third-party product or trademark on this page is for identification and informational purposes only and does not imply endorsement, affiliation or sponsorship. CVE is a registered trademark of MITRE Corporation. Data displayed by this tool is sourced from the public NVD REST API and is provided "as is" without warranty of any kind.