Running cvemap
Learn about running cvemap with examples including commands and output
For all of the flags and options available for cvemap be sure to check out the Usage page. On this page we’ll share examples running cvemap with specific flags and goals
and the output you can expect from each.
If you have questions, reach out to us through Help.
Prerequisites for cvemap
Before using cvemap, you’ll need to get a ProjectDiscovery Cloud Platform (PDCP) account and API key so that you can access the cvemap API data.
Sign up for PDCP
Navigate to https://cloud.projectdiscovery.io/ and click “Sign Up” (or “Sign In” if you already have a PDCP account).
Get your PDCP API Key
Once signed into ProjectDiscovery Cloud Platform, you can navigate to https://cloud.projectdiscovery.io/?ref=api_key to find your API Key.
Use the copy button to copy your API Key - we nee dthis to authenticate your install
Authorize cvemap with PDCP
To authenticate your install of cvemap, run
cvemap -auth
When prompted, paste the key you obtained above.
Basic Examples
By default, cvemap lists all the known exploited vulnerabilities based CVEs published by cisa.
List top known exploited vulnerabilities
$ cvemap -limit 10
______ _____ ____ ___ ____ ____
/ ___/ | / / _ \/ __ \__ \/ __ \/ __ \
/ /__ | |/ / __/ / / / / / /_/ / /_/ /
\___/ |___/\___/_/ /_/ /_/\__,_/ .___/
/_/
projectdiscovery.io
| ID | CVSS | SEVERITY | EPSS | PRODUCT | TEMPLATE | AGE |
|---------------|------|----------|---------|-----------------------|----------|-----|
| CVE-2023-5631 | 5.4 | MEDIUM | 0.00986 | webmail | ❌ | 18 |
| CVE-2023-5217 | 8.8 | HIGH | 0.26047 | libvpx | ❌ | 38 |
| CVE-2023-4966 | 7.5 | HIGH | 0.92267 | netscaler_application | ✅ | 26 |
| CVE-2023-4863 | 8.8 | HIGH | 0.4101 | chrome | ❌ | 54 |
| CVE-2023-46748| 8.8 | HIGH | 0.00607 | | ❌ | 10 |
| CVE-2023-46747| 9.8 | CRITICAL | 0.95304 | | ✅ | 10 |
| CVE-2023-46604| 10 | CRITICAL | 0.01596 | | ✅ | 9 |
| CVE-2023-44487| 7.5 | HIGH | 0.52748 | http | ❌ | 26 |
| CVE-2023-42824| 7.8 | HIGH | 0.00062 | ipados | ❌ | 32 |
| CVE-2023-42793| 9.8 | CRITICAL | 0.97264 | teamcity | ✅ | 47 |
List top CVEs on HackerOne
List top CVEs being reported on hackerone platform using -h1 or -hackerone option.
$ cvemap -h1
| CVE | CVSS | SEVERITY | RANK | REPORTS | PRODUCT | TEMPLATE | AGE |
|----------------|------|----------|------|---------|----------------------|----------|------|
| CVE-2020-35946 | 5.4 | MEDIUM | 1 | 304 | all_in_one_seo_pack | ❌ | 1038 |
| CVE-2023-4966 | 7.5 | HIGH | 2 | 54 | netscaler_application| ✅ | 26 |
| CVE-2023-22518 | 9.1 | CRITICAL | 3 | 27 | | ✅ | 5 |
| CVE-2017-15277 | 6.5 | MEDIUM | 4 | 1139 | graphicsmagick | ❌ | 2215 |
| CVE-2023-35813 | 9.8 | CRITICAL | 5 | 54 | experience_commerce | ✅ | 141 |
| CVE-2022-38463 | 6.1 | MEDIUM | 6 | 342 | servicenow | ✅ | 439 |
| CVE-2020-11022 | 6.1 | MEDIUM | 7 | 209 | jquery | ❌ | 1285 |
| CVE-2020-11023 | 6.1 | MEDIUM | 8 | 208 | jquery | ❌ | 1285 |
| CVE-2023-38205 | 7.5 | HIGH | 9 | 162 | coldfusion | ✅ | 52 |
| CVE-2019-11358 | 6.1 | MEDIUM | 10 | 214 | jquery | ❌ | 1660 |
cvemap provide multiple ways to query cve data i.e by product, vendor, severity, cpe, assignee, cvss-score, epss-score, age etc, for example:
List all CVEs for Confluence
List all the cves published for Atlassian Confluence:
cvemap -product confluence -l 5
| ID | CVSS | SEVERITY | EPSS | PRODUCT | TEMPLATE |
|---------------|------|----------|---------|------------|----------|
| CVE-2020-4027 | 4.7 | MEDIUM | 0.00105 | confluence | ❌ |
| CVE-2019-3398 | 8.8 | HIGH | 0.97342 | confluence | ✅ |
| CVE-2019-3396 | 9.8 | CRITICAL | 0.97504 | confluence | ✅ |
| CVE-2019-3395 | 9.8 | CRITICAL | 0.07038 | confluence | ❌ |
| CVE-2019-3394 | 8.8 | HIGH | 0.1885 | confluence | ❌ |
As default, cvemap display default / limit fields which can be custizmed and controoled using -field/ -f option, for example:
$ cvemap -severity critical -field assignee,vstatus,poc -l 5
| ID | CVSS | SEVERITY | EPSS | PRODUCT | TEMPLATE | ASSIGNEE | VSTATUS | POC |
|---------------|------|----------|---------|------------------|----------|------------------------|-------------|-------|
| CVE-2023-5843 | 9 | CRITICAL | 0.00053 | | ❌ | security@wordfence.com | UNCONFIRMED | FALSE |
| CVE-2023-5832 | 9.1 | CRITICAL | 0.00043 | | ❌ | security@huntr.dev | UNCONFIRMED | FALSE |
| CVE-2023-5824 | 9.6 | CRITICAL | 0.00045 | | ❌ | secalert@redhat.com | UNCONFIRMED | FALSE |
| CVE-2023-5820 | 9.6 | CRITICAL | 0.00047 | | ❌ | security@wordfence.com | UNCONFIRMED | FALSE |
| CVE-2023-5807 | 9.8 | CRITICAL | 0.00076 | education_portal | ❌ | cve@usom.gov.tr | CONFIRMED | FALSE |
To list cves with matching threshold like, CVSS score or EPSS Score / Percentile, below options can be used:
$ cvemap -silent -cs '> 7' -es '> 0.00053' -l 5
| ID | CVSS | SEVERITY | EPSS | PRODUCT | TEMPLATE |
|---------------|------|----------|---------|---------------------------------------|----------|
| CVE-2023-5860 | 7.2 | HIGH | 0.00132 | | ❌ |
| CVE-2023-5843 | 9 | CRITICAL | 0.00053 | | ❌ |
| CVE-2023-5807 | 9.8 | CRITICAL | 0.00076 | education_portal | ❌ |
| CVE-2023-5804 | 9.8 | CRITICAL | 0.00063 | nipah_virus_testing_management_system | ❌ |
| CVE-2023-5802 | 8.8 | HIGH | 0.00058 | wp_knowledgebase | ❌ |
To filter cves to match with specifc conditions like, cves has public poc or template and in the list of kev, belows options can beused:
$ cvemap -silent -template=false -poc=true -kev=true -l 5 -f poc,kev
| ID | CVSS | SEVERITY | EPSS | PRODUCT | TEMPLATE | POC | KEV |
|----------------|------|----------|---------|---------|----------|------|------|
| CVE-2023-5631 | 5.4 | MEDIUM | 0.00986 | webmail | ❌ | TRUE | TRUE |
| CVE-2023-5217 | 8.8 | HIGH | 0.26047 | libvpx | ❌ | TRUE | TRUE |
| CVE-2023-4863 | 8.8 | HIGH | 0.4101 | chrome | ❌ | TRUE | TRUE |
| CVE-2023-44487 | 7.5 | HIGH | 0.52748 | http | ❌ | TRUE | TRUE |
| CVE-2023-41993 | 9.8 | CRITICAL | 0.00617 | safari | ❌ | TRUE | TRUE |
Return CVE IDs only
To return only CVE IDs, -lsi or -list-id flag can be used along with existing filter or search of cvemap.
cvemap -kev -limit 10 -list-id
CVE-2024-21887
CVE-2024-0519
CVE-2023-7101
CVE-2023-7024
CVE-2023-6549
CVE-2023-6548
CVE-2023-6448
CVE-2023-6345
CVE-2023-5631
CVE-2023-5217
JSON Output
$ echo CVE-2024-21887 | cvemap -json
[
{
"cve_id": "CVE-2024-21887",
"cve_description": "A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.",
"severity": "critical",
"cvss_score": 9.1,
"cvss_metrics": {
"cvss30": {
"score": 9.1,
"vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"severity": "critical"
},
"cvss31": {
"score": 9.1,
"vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"severity": "critical"
}
},
"weaknesses": [
{
"cwe_id": "CWE-77",
"cwe_name": "Improper Neutralization of Special Elements used in a Command ('Command Injection')"
}
],
"epss": {
"epss_score": 0.95688,
"epss_percentile": 0.99289
},
"cpe": {
"cpe": "cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*",
"vendor": "ivanti",
"product": "connect_secure"
},
"reference": [
"http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html"
],
"poc": [
{
"url": "https://github.com/tucommenceapousser/CVE-2024-21887",
"source": "gh-nomi-sec",
"added_at": "2024-01-20T19:15:23Z"
},
{
"url": "https://github.com/mickdec/CVE-2023-46805_CVE-2024-21887_scan_grouped",
"source": "gh-nomi-sec",
"added_at": "2024-01-19T08:11:31Z"
},
{
"url": "https://github.com/seajaysec/Ivanti-Connect-Around-Scan",
"source": "gh-nomi-sec",
"added_at": "2024-01-19T02:12:11Z"
},
{
"url": "https://github.com/raminkarimkhani1996/CVE-2023-46805_CVE-2024-21887",
"source": "gh-nomi-sec",
"added_at": "2024-01-18T13:25:46Z"
},
{
"url": "https://github.com/TheRedDevil1/Check-Vulns-Script",
"source": "gh-nomi-sec",
"added_at": "2024-01-17T10:29:02Z"
},
{
"url": "https://github.com/Chocapikk/CVE-2024-21887",
"source": "gh-nomi-sec",
"added_at": "2024-01-16T20:59:38Z"
},
{
"url": "https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887",
"source": "gh-nomi-sec",
"added_at": "2024-01-16T19:40:59Z"
},
{
"url": "https://github.com/rxwx/pulse-meter",
"source": "gh-nomi-sec",
"added_at": "2024-01-16T19:19:52Z"
},
{
"url": "https://github.com/oways/ivanti-CVE-2024-21887",
"source": "gh-nomi-sec",
"added_at": "2024-01-14T09:25:56Z"
}
],
"vendor_advisory": "https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US",
"is_template": true,
"nuclei_templates": {
"template_path": "http/cves/2024/CVE-2024-21887.yaml",
"template_url": "https://cloud.projectdiscovery.io/public/CVE-2024-21887",
"created_at": "2024-01-17T02:23:45+05:30",
"updated_at": "2024-01-16T21:14:22Z"
},
"is_exploited": true,
"kev": {
"added_date": "2024-01-10",
"due_date": "2024-01-22"
},
"assignee": "support@hackerone.com",
"published_at": "2024-01-12T17:15:10.017",
"updated_at": "2024-01-22T17:15:09.523",
"hackerone": {
"rank": 6345,
"count": 0
},
"age_in_days": 10,
"vuln_status": "modified",
"is_poc": true,
"is_remote": false,
"is_oss": false,
"vulnerable_cpe": [
"cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:connect_secure:22.6:r2:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:22.1:r6:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:22.2:r3:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:22.3:r3:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:22.4:r2:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:22.4:r2.1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:22.5:r2.1:*:*:*:*:*:*",
"cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:*"
]
}
]
Advanced Filters
You can combine filters with a -q query to match multiple filters. For example:
cvemap -q '"remote code execution" 2023 is_remote:true is_poc:true sort_asc:age_in_days'
| ID | CVSS | SEVERITY | EPSS | PRODUCT | TEMPLATE | POC | KEV |
|---------------|------|----------|---------|---------|----------|------|------|
| CVE-2023-5631 | 5.4 | MEDIUM | 0.00986 | webmail | ❌ | TRUE | TRUE |
| CVE-2023-5217 | 8.8 | HIGH | 0.26047 | libvpx | ❌ | TRUE | TRUE |
| CVE-2023-4863 | 8.8 | HIGH | 0.4101 | chrome | ❌ | TRUE | TRUE |
| CVE-2023-44487| 7.5 | HIGH | 0.52748 | http | ❌ | TRUE | TRUE |
| CVE-2023-41993| 9.8 | CRITICAL | 0.00617 | safari | ❌ | TRUE | TRUE |
You can see the documentation for all available filters below:
Metadata
Age of the CVE
The assignee for this CVE.
Typically this is an email address such as security@apache.org or cve@mitre.org
The description of the CVE from the NVD
The CVE ID for a specific CVE such as CVE-2019-7070
The CVSS v3.0 score for this CloseEvent. Example: 8.8
Is the CVE marked as a Known Exploited Vulnerability (KEV)
Is this CVE in open source software with OSS data available?
Is there a Proof of Concept (POC) available for this CVE?
Is this CVE remotely exploitable?
Is there a Nuclei Template available for this CVE?
The URL for the patch for this CVE.
Example: https://helpx.adobe.com/security/products/acrobat/apsb19-07.html
The published date and time for this CVE. Example: 2019-05-24T19:29:02.080
The URL reference for this CVE.
Example: https://www.zerodayinitiative.com/advisories/ZDI-19-210/
The CVSS 3.0 severity for this CVE. Example: severity
The last date and time that this CVE was updated. Example: 2019-08-21T16:20:31.353
The URL for the vendor advisory for this CVE.
Example: vendor_advisory
The vulnerability status this CVE. Example: confirmed
The CPE string for this CVE. Example: cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
CPE Data
Common Platform Enumeration (CPE) Data
CVSS Data
Common Vulnerability Scoring System (CVSS) Data
EPSS Data
Use After FreeExploit Prediction Scoring System (EPSS) Data
HackerOne Data
KVE Data
Known Exploited Vulnerability (KEV) Data
Nuclei Template Data
Open Source Software (OSS) Data
Proof of Concept (POC) Data
Shodan Data
CWE Data
Common Weakness Enumeration (CWE) Data