CVE (Common Vulnerabilities and Exposures) is a public dictionary of publicly disclosed security flaws. Each CVE has a unique ID in the format CVE-YYYY-NNNN and is maintained by MITRE and the National Vulnerability Database (NVD).

How do I search for a CVE?

Type a CVE ID (e.g. CVE-2021-44228), a product name (e.g. log4j, openssl), a vendor, or any keyword. The tool queries the vuln.mlab.sh vulnerability database and returns matching CVEs with CVSS score and severity.

Is this CVE search free?

Yes. The CVE search tool on mlab.sh is free, requires no sign-up, and has no rate limit for normal use. It is powered by vuln.mlab.sh, an open vulnerability search engine.

Where does the CVE data come from?

The data comes from the National Vulnerability Database (NVD), enriched with EPSS exploit prediction scores and CISA KEV (Known Exploited Vulnerabilities) catalog data on the detail pages hosted at vuln.mlab.sh.

What is a CVSS score?

CVSS (Common Vulnerability Scoring System) is a numeric severity rating from 0.0 to 10.0 assigned to each CVE. 9.0-10.0 is Critical, 7.0-8.9 is High, 4.0-6.9 is Medium, and 0.1-3.9 is Low.

CVE Search

Search the National Vulnerability Database. CVE ID, keyword, product or vendor — instant lookup. Powered by vuln.mlab.sh — free, no sign-up.

Related tools

How to use

Type your query

A CVE ID, a product name, a vendor, or any keyword from the description.

Scan the results

The top 10 matching CVEs show with severity, CVSS score, and a description preview.

Open the detail

Click a result to open the full CVE page on vuln.mlab.sh (references, EPSS, KEV, CVSS breakdown).

Bookmark & share

Every CVE has a clean URL at vuln.mlab.sh/cve/CVE-YYYY-NNNN.

What is a CVE?

A CVE (Common Vulnerabilities and Exposures) is a public, standardized identifier for a specific security flaw in a piece of software, firmware or hardware. Each CVE is assigned a unique ID in the format CVE-YYYY-NNNN (for example CVE-2021-44228, the Log4Shell vulnerability in Apache Log4j).

The CVE program is run by MITRE, and the detailed vulnerability records are published by the National Vulnerability Database (NVD). Each record contains a description, a CVSS score (severity from 0.0 to 10.0), affected products, and references to vendor advisories and exploits.

This CVE search tool queries vuln.mlab.sh, a free CVE search engine built on top of NVD and enriched with EPSS exploit prediction and CISA KEV (Known Exploited Vulnerabilities) data. Click any result to open its full detail page on vuln.mlab.sh.

Frequently Asked Questions

CVE stands for Common Vulnerabilities and Exposures. It is a public catalog of disclosed security flaws, each identified by a unique ID (CVE-YYYY-NNNN). It is managed by MITRE and NVD.

Type a CVE ID (CVE-2021-44228), a product (log4j), a vendor (apache), or any keyword. The tool searches across CVE descriptions and returns the top 10 matches.

CVSS (Common Vulnerability Scoring System) rates severity from 0.0 to 10.0: 9.0–10.0 Critical, 7.0–8.9 High, 4.0–6.9 Medium, 0.1–3.9 Low.

All CVE records come from the National Vulnerability Database (NVD), enriched with EPSS and CISA KEV data on the detail pages hosted at vuln.mlab.sh.

Navigation