$ man cve
/cve(1)
PRICE / CALL
$0.005
USDC · base mainnet · scheme: exact
METHOD
POST
CLUSTER
prooflayerCATEGORY
ai
STATUS
● live
NAME
cve — cve lookup / vulnerability database
SYNOPSIS
POST https://x402.org/v1/cve
Content-Type: application/json
X-PAYMENT: <signed-transferWithAuthorization>
{ ... }↳ first call →
402 Payment Required. Sign USDCtransferWithAuthorization, retry with theX-PAYMENT header.DESCRIPTION
CVE lookup / vulnerability database. NIST NVD-backed. CVSS v3.1+v2 scores, severity, affected CPEs, CWE, exploit indicators + LLM summary.
INPUT — request schema
| property | type | description | req? |
|---|---|---|---|
| cve_id | string | e.g. 'CVE-2021-44228'. | required |
OUTPUT — response shape
| field | type | description |
|---|---|---|
| cve_id | string | CVE identifier in the form CVE-YYYY-NNNNN (e.g., CVE-2024-3094). |
| description | string | NVD's plain-text summary of the vulnerability and its impact. |
| published | string | ISO 8601 timestamp when NVD first published the CVE record. |
| cvss_v3_1 | object | CVSS v3.1 metrics object with base score, vector string, and severity breakdown. |
| cvss_v2 | object | Legacy CVSS v2 metrics object with base score, vector, and access/impact subscores. |
| score | number | Primary numeric CVSS base score (v3.1 preferred, falls back to v2) on the 0.0–10.0 scale. |
| severity | string | Qualitative severity label: NONE, LOW, MEDIUM, HIGH, or CRITICAL. |
| cwe | array | Array of associated CWE weakness identifiers (e.g., CWE-79, CWE-787). |
| affected_cpes | array | Array of CPE 2.3 URIs identifying vulnerable products, versions, and configurations. |
| exploit_summary | string | LLM-generated plain-English summary of how the vulnerability is exploited and its blast radius. |
| public_exploit_known | boolean | True if public exploit code, PoC, or active exploitation evidence is referenced. |
| exploit_references | array | Array of URLs to public PoCs, Metasploit modules, or exploit-DB entries. |
| references | array | Array of NVD reference URLs (vendor advisories, patches, analysis writeups). |
EXAMPLES — two ways to call
EXAMPLE 1 · curl
curl -X POST https://x402.org/v1/cve \
-H 'Content-Type: application/json' \
-d '{ }'first response =
402 Payment Required with payment requirements; sign + retry with X-PAYMENT.EXAMPLE 2 · mcp
# install once claude mcp add x402 --command "npx x402-deployer-mcp" # then ask Claude Code: # "use the cve tool to ..."
MCP server handles payment automatically — your coding agent just calls the tool by name.
METADATA
- tags
- cvevulnerabilitysecuritynvdexploit
- env
- VENICE_API_KEY
- methods
- POST
- cluster
- prooflayer
- price
- $0.005 USDC per call
ADJACENT — other endpoints in prooflayer
| endpoint | description | price |
|---|---|---|
| cve-lookup | CVE lookup / vulnerability database. | $0.005 |
| pypi-package-risk | PyPI package risk score / Python supply-chain scanner. | $0.01 |
| db-migration-risk | DB migration risk audit / SQL migration safety check / DROP COLUMN detector / unsafe ALTER TABLE detector / Postgres CREATE INDEX CONCURR… | $0.02 |
| deploy-config-risk | deploy config audit / Dockerfile lint / vercel.json hardening / wrangler.toml review / docker-compose.yml safety / fly.toml secrets check… | $0.02 |
| secrets-exposure-check | secrets exposure scan / hardcoded API key detector / .env-committed-key audit / Next.js client env leak detector / pre-deploy secret gate. | $0.02 |
| ai-content-detector | AI content detector / GPT detector / ChatGPT plagiarism checker. | $0.03 |
| dep-risk-summary | repo dependency risk audit / package.json + lockfile vetter / unpinned dep detector / transitive dep counter / requirements.txt audit / p… | $0.03 |
| github-repo-health | GitHub repo health score / open-source maintainability checker. | $0.03 |
SEE ALSO