Skip to content
clusters: prooflayer · edgemarket · edgefinance · synthforge · mediakit · wordmint · webprobe · locale · comppoint · rollforge · bestiary · statline · matchpoint · retail · agentops · browserworkflow · modelrouter · compose
$ man cve-lookup

/cve-lookup

agentutility / prooflayer / cve-lookup
PRICE / CALL
$0.005
USDC · base mainnet · scheme: exact
METHOD
POST
CLUSTER
prooflayer
CATEGORY
ai
STATUS
live
NAME
cve-lookup looks up a cve and returns its canonical nist nvd record: description, cvss v3.1 and v2 vectors plus numeric scores, severity bucket, cwe…
SYNOPSIS
POST https://x402.agentutility.ai/cve-lookup
     Content-Type: application/json
     X-PAYMENT:    <signed-transferWithAuthorization>

     { ... }
↳ first call → 402 Payment Required. Sign USDCtransferWithAuthorization, retry with theX-PAYMENT header.
DESCRIPTION

Looks up a CVE and returns its canonical NIST NVD record: description, CVSS v3.1 and v2 vectors plus numeric scores, severity bucket, CWE class, affected CPE list, NVD references, and a public-exploit-known boolean with reference URLs. Takes a CVE-YYYY-NNNNN identifier and includes a bounded plain-English exploitability summary. Federal public data. Use it as a vulnerability database, NVD record fetcher, CVSS scorer, Log4Shell-style advisory inspector, known-exploit checker, CISA KEV adjacent tool, patch-priority triage aid, or CWE classifier.

INPUTrequest schema
propertytypedescriptionreq?
cve_idstringCVE identifier in 'CVE-YYYY-NNNN[N...]' format. Case-insensitive. Example 'CVE-2021-44228' (Log4Shell).required
OUTPUTresponse shape
fieldtypedescription
cve_idstringCVE identifier in standard CVE-YYYY-NNNNN format.
descriptionstringOfficial NVD summary of the vulnerability and its impact.
publishedstringISO 8601 timestamp of when the CVE was first published to NVD.
cvss_v3_1objectFull CVSS v3.1 metrics object with base score, vector string, and impact/exploitability subscores.
cvss_v2objectFull CVSS v2 metrics object with base score, vector, and access/impact subscores when available.
scorenumberPrimary numeric CVSS score (v3.1 base score preferred, falls back to v2) on a 0-10 scale.
severitystringSeverity label derived from the CVSS score: NONE, LOW, MEDIUM, HIGH, or CRITICAL.
cwearrayArray of associated CWE identifiers classifying the weakness type (e.g. CWE-79, CWE-89).
affected_cpesarrayArray of CPE 2.3 URIs identifying vendor, product, and version ranges affected by the CVE.
exploit_summarystringLLM-generated plain-English summary of how the vulnerability is exploited and its practical impact.
public_exploit_knownbooleanTrue if a public proof-of-concept or weaponized exploit exists for this CVE.
exploit_referencesarrayArray of URLs pointing to public exploit code, PoCs, or exploit-DB entries for the CVE.
referencesarrayArray of NVD reference URLs: vendor advisories, patches, mailing-list posts, and analysis writeups.
EXAMPLEStwo ways to call
EXAMPLE 1 · curl
curl -X POST https://x402.agentutility.ai/cve-lookup \
  -H 'Content-Type: application/json' \
  -d '{ }'
first response = 402 Payment Required with payment requirements; sign + retry with X-PAYMENT.
EXAMPLE 2 · mcp
# Install the MCP package for this endpoint's cluster
npx -y @agentutility/mcp-<cluster>

# Required: EVM private key with USDC on Base
export X402_PRIVATE_KEY=0x...

# Then call the cve-lookup tool from your MCP-aware agent.
MCP server handles payment automatically — your coding agent just calls the tool by name.
METADATA
tags
cvevulnerabilitysecuritynvdexploit
env
VENICE_API_KEY
methods
POST
cluster
prooflayer
price
$0.005 USDC per call
ADJACENTother endpoints in prooflayer
endpointdescriptionprice
cveLooks up a CVE and returns the full NIST NVD vulnerability record.$0.005
pypi-package-riskScores the supply-chain risk of a PyPI package before you install it.$0.01
app-store-rejection-explainExplains App Store and Google Play rejections and turns them into a resubmission plan.$0.02
db-migration-riskAudits database migrations for risky SQL before deploy.$0.02
deploy-config-riskAudits deploy configuration files for production risks.$0.02
secrets-exposure-checkScans project config files for hardcoded secrets before you deploy.$0.02
ai-content-detectorDetect AI-generated writing with a calibrated probability score.$0.03
dep-risk-summaryScores dependency risk for a whole repo from its manifests and lockfiles.$0.03
SEE ALSO
agentutility · prooflayer · x402 · mcp · llms.txt · registry.json · bazaar.x402.org