cve-research

Original：🇺🇸 English

Translated

Research CVEs and security advisories for project dependencies. Uses Exa, NVD API, OSV.dev, and GitHub Advisory Database to find known vulnerabilities.

1installs

Sourcefusengine/agents

Added on2026-03-01

NPX Install

npx skill4agent add fusengine/agents cve-research

SKILL.md Content

View Translation Comparison →

CVE Research Skill

Overview

Research known vulnerabilities for project dependencies using multiple sources.

Data Sources

Source	API	Coverage
NVD	nvd.nist.gov/vuln/api	All CVEs
OSV.dev	api.osv.dev	npm, PyPI, Go, crates, Maven
GitHub Advisory	github.com/advisories	npm, pip, composer, cargo
Exa Search	Via MCP	Real-time web search

Workflow

Extract dependencies from project (package.json, etc.)
Query each source for known CVEs
Cross-reference findings across sources
Prioritize by CVSS score and exploitability
Report with fix versions and workarounds

Query Strategy

For each dependency:

Search OSV.dev first (fastest, most accurate for packages)
Cross-check NVD for CVSS scoring
Use Exa for recent advisories not yet in databases
Check GitHub Advisory for maintainer responses

Severity Mapping

CVSS Score	Severity	Action
9.0 - 10.0	CRITICAL	Fix immediately
7.0 - 8.9	HIGH	Fix before merge
4.0 - 6.9	MEDIUM	Plan fix
0.1 - 3.9	LOW	Document

References

CVE APIs Reference
Query Templates