search_vulns can be used to search for known vulnerabilities in software. To achieve this, it utilizes a locally built database containing various data sources about products, vulnerabilities, exploits, software recency and more. Since search_vulns is designed in a modular fashion, new data sources and extensions can be integrated easily. A complete list of all current modules and included data sources is provided in the Modules section.
You can either provide product titles like Apache 2.4.39 or a CPE 2.3 string like cpe:2.3:a:sudo_project:sudo:1.8.2:*:*:*:*:*:*:* as input. In addition, you can directly search for vulnerabilities like CVE-2023-1234 or GHSA-xx68-jfcg-xmmf by using a comma-separated list of IDs.
search_vulns can either be used as a CLI tool or via a web server. It is recommended to use the CLI tool for automated workflows that might be resource-constrained. Otherwise, using the web server is recommended, because it offers more features and flexibility. A public instance of the web server is available at https://search-vulns.com.
search_vulns' search engine is designed in a modular fashion. Therefore, new data sources can be integrated easily. The currently available modules and data sources are the following:
As this overview shows, modules can help in finding product IDs, vulnerabilities, extra information about vulnerabilities and extra information about the queried product. Examples of the latter two are exploits, CVSS or EPSS scores, or software recency information. Furthermore, modules can classify identified vulnerabilities as patched if they store and utilize special information related to the query, for example.
Have a look at the template module to get started with writing your own modules: src/search_vulns/modules/template/search_vulns_template.py.