$ man cve-lookup
/cve-lookup
PRICE / CALL
$0.005
USDC · base mainnet · scheme: exact
METHOD
POST
CLUSTER
prooflayerCATEGORY
ai
STATUS
● live
NAME
cve-lookup — looks up a cve and returns its canonical nist nvd record: description, cvss v3.1 and v2 vectors plus numeric scores, severity bucket, cwe…
SYNOPSIS
POST https://x402.agentutility.ai/cve-lookup
Content-Type: application/json
X-PAYMENT: <signed-transferWithAuthorization>
{ ... }↳ first call →
402 Payment Required. Sign USDCtransferWithAuthorization, retry with theX-PAYMENT header.DESCRIPTION
Looks up a CVE and returns its canonical NIST NVD record: description, CVSS v3.1 and v2 vectors plus numeric scores, severity bucket, CWE class, affected CPE list, NVD references, and a public-exploit-known boolean with reference URLs. Takes a CVE-YYYY-NNNNN identifier and includes a bounded plain-English exploitability summary. Federal public data. Use it as a vulnerability database, NVD record fetcher, CVSS scorer, Log4Shell-style advisory inspector, known-exploit checker, CISA KEV adjacent tool, patch-priority triage aid, or CWE classifier.
INPUT — request schema
| property | type | description | req? |
|---|---|---|---|
| cve_id | string | CVE identifier in 'CVE-YYYY-NNNN[N...]' format. Case-insensitive. Example 'CVE-2021-44228' (Log4Shell). | required |
OUTPUT — response shape
| field | type | description |
|---|---|---|
| cve_id | string | CVE identifier in standard CVE-YYYY-NNNNN format. |
| description | string | Official NVD summary of the vulnerability and its impact. |
| published | string | ISO 8601 timestamp of when the CVE was first published to NVD. |
| cvss_v3_1 | object | Full CVSS v3.1 metrics object with base score, vector string, and impact/exploitability subscores. |
| cvss_v2 | object | Full CVSS v2 metrics object with base score, vector, and access/impact subscores when available. |
| score | number | Primary numeric CVSS score (v3.1 base score preferred, falls back to v2) on a 0-10 scale. |
| severity | string | Severity label derived from the CVSS score: NONE, LOW, MEDIUM, HIGH, or CRITICAL. |
| cwe | array | Array of associated CWE identifiers classifying the weakness type (e.g. CWE-79, CWE-89). |
| affected_cpes | array | Array of CPE 2.3 URIs identifying vendor, product, and version ranges affected by the CVE. |
| exploit_summary | string | LLM-generated plain-English summary of how the vulnerability is exploited and its practical impact. |
| public_exploit_known | boolean | True if a public proof-of-concept or weaponized exploit exists for this CVE. |
| exploit_references | array | Array of URLs pointing to public exploit code, PoCs, or exploit-DB entries for the CVE. |
| references | array | Array of NVD reference URLs: vendor advisories, patches, mailing-list posts, and analysis writeups. |
EXAMPLES — two ways to call
EXAMPLE 1 · curl
curl -X POST https://x402.agentutility.ai/cve-lookup \
-H 'Content-Type: application/json' \
-d '{ }'first response =
402 Payment Required with payment requirements; sign + retry with X-PAYMENT.EXAMPLE 2 · mcp
# Install the MCP package for this endpoint's cluster npx -y @agentutility/mcp-<cluster> # Required: EVM private key with USDC on Base export X402_PRIVATE_KEY=0x... # Then call the cve-lookup tool from your MCP-aware agent.
MCP server handles payment automatically — your coding agent just calls the tool by name.
METADATA
- tags
- cvevulnerabilitysecuritynvdexploit
- env
- VENICE_API_KEY
- methods
- POST
- cluster
- prooflayer
- price
- $0.005 USDC per call
ADJACENT — other endpoints in prooflayer
| endpoint | description | price |
|---|---|---|
| cve | Looks up a CVE and returns the full NIST NVD vulnerability record. | $0.005 |
| pypi-package-risk | Scores the supply-chain risk of a PyPI package before you install it. | $0.01 |
| app-store-rejection-explain | Explains App Store and Google Play rejections and turns them into a resubmission plan. | $0.02 |
| db-migration-risk | Audits database migrations for risky SQL before deploy. | $0.02 |
| deploy-config-risk | Audits deploy configuration files for production risks. | $0.02 |
| secrets-exposure-check | Scans project config files for hardcoded secrets before you deploy. | $0.02 |
| ai-content-detector | Detect AI-generated writing with a calibrated probability score. | $0.03 |
| dep-risk-summary | Scores dependency risk for a whole repo from its manifests and lockfiles. | $0.03 |
SEE ALSO