For all of the flags and options available for cvemap be sure to check out the Usage page. On this page we’ll share examples running cvemap with specific flags and goals and the output you can expect from each.

If you have questions, reach out to us through Help.

Prerequisites for cvemap

Before using cvemap, you’ll need to get a ProjectDiscovery Cloud Platform (PDCP) account and API key so that you can access the cvemap API data.

1

Sign up for PDCP

Navigate to https://cloud.projectdiscovery.io/ and click “Sign Up” (or “Sign In” if you already have a PDCP account).

2

Get your PDCP API Key

Once signed into ProjectDiscovery Cloud Platform, you can navigate to https://cloud.projectdiscovery.io/?ref=api_key to find your API Key.

Use the copy button to copy your API Key - we nee dthis to authenticate your install

3

Authorize cvemap with PDCP

To authenticate your install of cvemap, run

cvemap -auth

When prompted, paste the key you obtained above.

Basic Examples

By default, cvemap lists all the known exploited vulnerabilities based CVEs published by cisa.

List top known exploited vulnerabilities

$ cvemap -limit 10


   ______   _____  ____ ___  ____  ____
  / ___/ | / / _ \/ __ \__ \/ __ \/ __ \
 / /__ | |/ /  __/ / / / / / /_/ / /_/ /
 \___/ |___/\___/_/ /_/ /_/\__,_/ .___/ 
                               /_/
                 
      projectdiscovery.io
| ID            | CVSS | SEVERITY | EPSS    | PRODUCT               | TEMPLATE | AGE |
|---------------|------|----------|---------|-----------------------|----------|-----|
| CVE-2023-5631 | 5.4  | MEDIUM   | 0.00986 | webmail               || 18  |
| CVE-2023-5217 | 8.8  | HIGH     | 0.26047 | libvpx                || 38  |
| CVE-2023-4966 | 7.5  | HIGH     | 0.92267 | netscaler_application || 26  |
| CVE-2023-4863 | 8.8  | HIGH     | 0.4101  | chrome                || 54  |
| CVE-2023-46748| 8.8  | HIGH     | 0.00607 |                       || 10  |
| CVE-2023-46747| 9.8  | CRITICAL | 0.95304 |                       || 10  |
| CVE-2023-46604| 10   | CRITICAL | 0.01596 |                       || 9   |
| CVE-2023-44487| 7.5  | HIGH     | 0.52748 | http                  || 26  |
| CVE-2023-42824| 7.8  | HIGH     | 0.00062 | ipados                || 32  |
| CVE-2023-42793| 9.8  | CRITICAL | 0.97264 | teamcity              || 47  |

List top CVEs on HackerOne

List top CVEs being reported on hackerone platform using -h1 or -hackerone option.

$ cvemap -h1
| CVE            | CVSS | SEVERITY | RANK | REPORTS | PRODUCT              | TEMPLATE | AGE  |
|----------------|------|----------|------|---------|----------------------|----------|------|
| CVE-2020-35946 | 5.4  | MEDIUM   | 1    | 304     | all_in_one_seo_pack  || 1038 |
| CVE-2023-4966  | 7.5  | HIGH     | 2    | 54      | netscaler_application|| 26   |
| CVE-2023-22518 | 9.1  | CRITICAL | 3    | 27      |                      || 5    |
| CVE-2017-15277 | 6.5  | MEDIUM   | 4    | 1139    | graphicsmagick       || 2215 |
| CVE-2023-35813 | 9.8  | CRITICAL | 5    | 54      | experience_commerce  || 141  |
| CVE-2022-38463 | 6.1  | MEDIUM   | 6    | 342     | servicenow           || 439  |
| CVE-2020-11022 | 6.1  | MEDIUM   | 7    | 209     | jquery               || 1285 |
| CVE-2020-11023 | 6.1  | MEDIUM   | 8    | 208     | jquery               || 1285 |
| CVE-2023-38205 | 7.5  | HIGH     | 9    | 162     | coldfusion           || 52   |
| CVE-2019-11358 | 6.1  | MEDIUM   | 10   | 214     | jquery               || 1660 |

cvemap provide multiple ways to query cve data i.e by product, vendor, severity, cpe, assignee, cvss-score, epss-score, age etc, for example:

List all CVEs for Confluence

List all the cves published for Atlassian Confluence:

cvemap -product confluence -l 5
| ID            | CVSS | SEVERITY | EPSS    | PRODUCT    | TEMPLATE |
|---------------|------|----------|---------|------------|----------|
| CVE-2020-4027 | 4.7  | MEDIUM   | 0.00105 | confluence ||
| CVE-2019-3398 | 8.8  | HIGH     | 0.97342 | confluence ||
| CVE-2019-3396 | 9.8  | CRITICAL | 0.97504 | confluence ||
| CVE-2019-3395 | 9.8  | CRITICAL | 0.07038 | confluence ||
| CVE-2019-3394 | 8.8  | HIGH     | 0.1885  | confluence ||

As default, cvemap display default / limit fields which can be custizmed and controoled using -field/ -f option, for example:

$ cvemap -severity critical -field assignee,vstatus,poc -l 5
| ID            | CVSS | SEVERITY | EPSS    | PRODUCT          | TEMPLATE | ASSIGNEE               | VSTATUS     | POC   |
|---------------|------|----------|---------|------------------|----------|------------------------|-------------|-------|
| CVE-2023-5843 | 9    | CRITICAL | 0.00053 |                  || security@wordfence.com | UNCONFIRMED | FALSE |
| CVE-2023-5832 | 9.1  | CRITICAL | 0.00043 |                  || security@huntr.dev     | UNCONFIRMED | FALSE |
| CVE-2023-5824 | 9.6  | CRITICAL | 0.00045 |                  || secalert@redhat.com    | UNCONFIRMED | FALSE |
| CVE-2023-5820 | 9.6  | CRITICAL | 0.00047 |                  || security@wordfence.com | UNCONFIRMED | FALSE |
| CVE-2023-5807 | 9.8  | CRITICAL | 0.00076 | education_portal || cve@usom.gov.tr        | CONFIRMED   | FALSE |

To list cves with matching threshold like, CVSS score or EPSS Score / Percentile, below options can be used:

$ cvemap -silent -cs '> 7' -es '> 0.00053' -l 5
| ID            | CVSS | SEVERITY | EPSS    | PRODUCT                               | TEMPLATE |
|---------------|------|----------|---------|---------------------------------------|----------|
| CVE-2023-5860 | 7.2  | HIGH     | 0.00132 |                                       ||
| CVE-2023-5843 | 9    | CRITICAL | 0.00053 |                                       ||
| CVE-2023-5807 | 9.8  | CRITICAL | 0.00076 | education_portal                      ||
| CVE-2023-5804 | 9.8  | CRITICAL | 0.00063 | nipah_virus_testing_management_system ||
| CVE-2023-5802 | 8.8  | HIGH     | 0.00058 | wp_knowledgebase                      ||

To filter cves to match with specifc conditions like, cves has public poc or template and in the list of kev, belows options can beused:

$ cvemap -silent -template=false -poc=true -kev=true -l 5 -f poc,kev
| ID             | CVSS | SEVERITY | EPSS    | PRODUCT | TEMPLATE | POC  | KEV  |
|----------------|------|----------|---------|---------|----------|------|------|
| CVE-2023-5631  | 5.4  | MEDIUM   | 0.00986 | webmail || TRUE | TRUE |
| CVE-2023-5217  | 8.8  | HIGH     | 0.26047 | libvpx  || TRUE | TRUE |
| CVE-2023-4863  | 8.8  | HIGH     | 0.4101  | chrome  || TRUE | TRUE |
| CVE-2023-44487 | 7.5  | HIGH     | 0.52748 | http    || TRUE | TRUE |
| CVE-2023-41993 | 9.8  | CRITICAL | 0.00617 | safari  || TRUE | TRUE |

Return CVE IDs only

To return only CVE IDs, -lsi or -list-id flag can be used along with existing filter or search of cvemap.

cvemap -kev -limit 10 -list-id

CVE-2024-21887
CVE-2024-0519
CVE-2023-7101
CVE-2023-7024
CVE-2023-6549
CVE-2023-6548
CVE-2023-6448
CVE-2023-6345
CVE-2023-5631
CVE-2023-5217

JSON Output

$ echo CVE-2024-21887 | cvemap -json
[
  {
    "cve_id": "CVE-2024-21887",
    "cve_description": "A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x)  allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.",
    "severity": "critical",
    "cvss_score": 9.1,
    "cvss_metrics": {
      "cvss30": {
        "score": 9.1,
        "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "severity": "critical"
      },
      "cvss31": {
        "score": 9.1,
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "severity": "critical"
      }
    },
    "weaknesses": [
      {
        "cwe_id": "CWE-77",
        "cwe_name": "Improper Neutralization of Special Elements used in a Command ('Command Injection')"
      }
    ],
    "epss": {
      "epss_score": 0.95688,
      "epss_percentile": 0.99289
    },
    "cpe": {
      "cpe": "cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*",
      "vendor": "ivanti",
      "product": "connect_secure"
    },
    "reference": [
      "http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html"
    ],
    "poc": [
      {
        "url": "https://github.com/tucommenceapousser/CVE-2024-21887",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-20T19:15:23Z"
      },
      {
        "url": "https://github.com/mickdec/CVE-2023-46805_CVE-2024-21887_scan_grouped",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-19T08:11:31Z"
      },
      {
        "url": "https://github.com/seajaysec/Ivanti-Connect-Around-Scan",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-19T02:12:11Z"
      },
      {
        "url": "https://github.com/raminkarimkhani1996/CVE-2023-46805_CVE-2024-21887",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-18T13:25:46Z"
      },
      {
        "url": "https://github.com/TheRedDevil1/Check-Vulns-Script",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-17T10:29:02Z"
      },
      {
        "url": "https://github.com/Chocapikk/CVE-2024-21887",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-16T20:59:38Z"
      },
      {
        "url": "https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-16T19:40:59Z"
      },
      {
        "url": "https://github.com/rxwx/pulse-meter",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-16T19:19:52Z"
      },
      {
        "url": "https://github.com/oways/ivanti-CVE-2024-21887",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-14T09:25:56Z"
      }
    ],
    "vendor_advisory": "https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US",
    "is_template": true,
    "nuclei_templates": {
      "template_path": "http/cves/2024/CVE-2024-21887.yaml",
      "template_url": "https://cloud.projectdiscovery.io/public/CVE-2024-21887",
      "created_at": "2024-01-17T02:23:45+05:30",
      "updated_at": "2024-01-16T21:14:22Z"
    },
    "is_exploited": true,
    "kev": {
      "added_date": "2024-01-10",
      "due_date": "2024-01-22"
    },
    "assignee": "support@hackerone.com",
    "published_at": "2024-01-12T17:15:10.017",
    "updated_at": "2024-01-22T17:15:09.523",
    "hackerone": {
      "rank": 6345,
      "count": 0
    },
    "age_in_days": 10,
    "vuln_status": "modified",
    "is_poc": true,
    "is_remote": false,
    "is_oss": false,
    "vulnerable_cpe": [
      "cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:connect_secure:22.6:r2:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.1:r6:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.2:r3:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.3:r3:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.4:r2:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.4:r2.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.5:r2.1:*:*:*:*:*:*",
      "cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:*"
    ]
  }
]

Advanced Filters

You can combine filters with a -q query to match multiple filters. For example:

cvemap -q '"remote code execution" 2023 is_remote:true is_poc:true sort_asc:age_in_days'
| ID            | CVSS | SEVERITY | EPSS    | PRODUCT | TEMPLATE | POC  | KEV  |
|---------------|------|----------|---------|---------|----------|------|------|
| CVE-2023-5631 | 5.4  | MEDIUM   | 0.00986 | webmail || TRUE | TRUE |
| CVE-2023-5217 | 8.8  | HIGH     | 0.26047 | libvpx  || TRUE | TRUE |
| CVE-2023-4863 | 8.8  | HIGH     | 0.4101  | chrome  || TRUE | TRUE |
| CVE-2023-44487| 7.5  | HIGH     | 0.52748 | http    || TRUE | TRUE |
| CVE-2023-41993| 9.8  | CRITICAL | 0.00617 | safari  || TRUE | TRUE |

You can see the documentation for all available filters below:

Metadata

age_in_days
number

Age of the CVE

assignee
string

The assignee for this CVE.

Typically this is an email address such as security@apache.org or cve@mitre.org

cve_description
string

The description of the CVE from the NVD

cve_id
string

The CVE ID for a specific CVE such as CVE-2019-7070

cvss_score
number

The CVSS v3.0 score for this CloseEvent. Example: 8.8

is_exploited
boolean
is_oss
boolean

Is this CVE in open source software with OSS data available?

is_poc
boolean

Is there a Proof of Concept (POC) available for this CVE?

.is_remote
boolean

Is this CVE remotely exploitable?

is_template
boolean

Is there a Nuclei Template available for this CVE?

patch_url
string

The URL for the patch for this CVE.

Example: https://helpx.adobe.com/security/products/acrobat/apsb19-07.html

published_at
datetime

The published date and time for this CVE. Example: 2019-05-24T19:29:02.080

reference
string

The URL reference for this CVE.

Example: https://www.zerodayinitiative.com/advisories/ZDI-19-210/

severity
string

The CVSS 3.0 severity for this CVE. Example: severity

updated_at
datetime

The last date and time that this CVE was updated. Example: 2019-08-21T16:20:31.353

vendor_advisory
string

The URL for the vendor advisory for this CVE.

Example: vendor_advisory

vuln_status
string

The vulnerability status this CVE. Example: confirmed

vulnerable_cpe
string

The CPE string for this CVE. Example: cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*

CPE Data

Common Platform Enumeration (CPE) Data

cpe
Common Platform Enumeration Object

CVSS Data

Common Vulnerability Scoring System (CVSS) Data

cvss_metrics
CVSS Object

EPSS Data

Use After FreeExploit Prediction Scoring System (EPSS) Data

epss
EPSS Object

HackerOne Data

hackerone
hackerone Object

KVE Data

Known Exploited Vulnerability (KEV) Data

kev
KVE Object

Nuclei Template Data

nuclei_templates
Nuclei Template Object

Open Source Software (OSS) Data

oss
OSS Object

Proof of Concept (POC) Data

poc
POC Object

Shodan Data

shodan
Shodan Object

CWE Data

Common Weakness Enumeration (CWE) Data

weaknesses
CWE Object