Quickstart

vulnd is a hosted CVE / CWE / CPE corpus with a deterministic query API. The reads are public — you don’t need an account to look anything up. An account only buys you a higher rate limit and the ability to keep notes.

1. Search in the browser

Open Browse and type a vendor, product, or free-text query — log4j, openssl, heartbleed. Every result links to a detail page with the CVSS vector, the KEV and EPSS signals, the mapped weaknesses (CWE), and the affected builds (CPE). No login, no key.

2. Install the CLI

The same corpus, from the terminal:

curl -fsSL https://vulnd.cypherassassin.com/install.sh | sh

The script detects your OS/arch, verifies a SHA-256, and drops vuln on your PATH. See the CLI reference for the full command set.

3. Run a query

Point the CLI at the hosted daemon and ask:

export VULND_URL=https://api.vulnd.cypherassassin.com

vuln cve CVE-2021-44228            # one record
vuln search log4j --min-cvss 9     # filtered list
vuln cpe openssl/openssl/1.0.1f    # CVEs affecting a build

Add --json to any command to get the raw wire object for scripting.

4. (Optional) Sign in

Reads are public; notes need a session. Sign in once with the device grant:

vuln login --url https://api.vulnd.cypherassassin.com

It prints a short code and a URL — approve it in your browser and the CLI caches the token (refreshed automatically). Now vuln note writes stick. See Accounts and Auth for how that works.

Where to go next

• The vuln CLI — every subcommand and flag.
• The search model — how the filters compose.
• The HTTP API — the /v1 routes behind both surfaces.
• Limits — what anonymous vs signed-in gets you.