Documentation

vulnd is a hosted CVE / CWE / CPE corpus with a public, deterministic query API. Read it anonymously in the browser or from the terminal; sign in to keep notes. Start with the quickstart, then dig into the CLI, the search model, and the HTTP API.

Quickstart

Search the corpus in the browser, install the CLI, run your first query — in five minutes.

The vuln CLI

Install it, point it at the daemon, and query the corpus or keep notes from the terminal.

The search model

Free-text plus a stack of filters — CVSS, severity, EPSS, KEV, CWE, vendor, product — composed with AND or OR.

The HTTP API

The /v1 routes behind the browser and the CLI — public reads, OAuth-only notes, JSON throughout.

Accounts

What an account is for, how sign-in works, MFA, and how your activity is attributed to you.

Auth

OAuth 2.1 throughout — authorization-code + PKCE in the browser, the device grant for the CLI. No API keys.

Limits

What anonymous reads get, what a signed-in session gets, and how the daemon signals throttling.