The search model
Search is one endpoint, GET /v1/cve, with a free-text query and a stack of
optional filters. The browser Browse page and vuln search are two
front-ends over the same parameters.
Free text
The positional query matches CVE summaries, reference tags, and mapped weakness ids:
vuln search "remote code execution"
vuln search log4jLeave it empty to filter the whole corpus by the axes below.
The filter axes
| Filter | CLI flag | Meaning |
|---|---|---|
| KEV | --kev / --no-kev | On / off CISA’s Known Exploited list. |
| CVSS | --min-cvss 9.0 | Minimum base score (v3.1, falling back to v4.0). |
| Severity | --min-severity high | Minimum qualitative severity. |
| EPSS | --min-epss 0.5 | Minimum exploit-prediction score. |
| Weakness | --cwe CWE-79,CWE-89 | Maps to any listed CWE. |
| Vendor | --vendor apache,openssl | Affects any listed vendor. |
| Product | --product log4j | Affects any listed product. |
| Exploit | --has-exploit / --no-exploit | Has (or lacks) a reference tagged as an exploit. |
| Date | --published-after 2024-01-01 | Published on or after a date. |
Comma-separated values inside one axis are OR’d together
(--cwe CWE-79,CWE-89 = either weakness).
AND vs OR across axes
By default the axes combine with AND — every condition must hold. Pass
--or to combine them with OR instead, widening the net:
# CVEs that are KEV-listed AND CVSS ≥ 9
vuln search --kev --min-cvss 9
# CVEs that are KEV-listed OR CVSS ≥ 9
vuln search --kev --min-cvss 9 --orPaging
Results are paged; --limit sets the page size and is clamped server-side to
500. The same q and filter parameters map one-to-one onto the HTTP query
string — see the HTTP API.