What is cvemap?

cvemap is a tool that provides a structured and easily navigable way to explore CVEs from the command line. ProjectDiscovery’s cvemap combines data from multiple public sources including:

  • NVD (NIST) database of CVEs
  • CISA database of CVEs and Known Exploited Vulnerabilities (KEVs)
  • Data from HackerOne’s CVE Discovery about the most frequently reported CVEs in their system
  • Data about EPSS scoring and the mapping to Common Platform Enumeration (CPE)
  • Data about public PoCs that might be available on GitHub along with the status of any Nuclei Template for fingerprinting the CVE

Read more about cvemap on our blog

Features and capabilities

  • CVE Dataset Search & Query
  • CVE to EPSS Mapping
  • CVE to KEV Mapping
  • CVE to CPE Mapping
  • CVE to GitHub POCs Mapping
  • CVE to Nuclei Template Mapping
  • CVE to HackerOne report Mapping
  • Customizable Filters on CVE data
  • STDIN Input / JSONL Output


Questions about using cvemap? Issues working through installation? Cool story or use case you want to share? Get in touch!

Check out the Help section of the docs or reach out to us on Discord.