About cvebase
A security vulnerability search engine that aggregates and cross-links data from 110 sources into a single searchable index.
What we do
Security professionals waste time jumping between NVD, ExploitDB, vendor advisories, Sigma rules, and threat intel feeds to get the full picture on a vulnerability. cvebase solves this by aggregating 1.7M+ documents from 110 sources and making them searchable from one place.
Every CVE page brings together the description, CVSS and EPSS scores, affected versions, available exploits, patches, detection rules, and vendor advisories — everything you need without switching tabs.
AI-powered semantic search
Unlike keyword-based vulnerability databases, cvebase uses a custom embedding model fine-tuned specifically for cybersecurity. Trained on 150K+ security-specific query-document pairs, it understands security concepts, jargon, and relationships that general-purpose models miss.
This means you can search by concept — SSRF cloud metadata, lateral movement Active Directory, or container escape privilege escalation— and get relevant CVEs, exploits, and detection rules together, even when they don't share the same keywords.
Data sources
We index data daily from 110 sources across multiple categories:
Free API
cvebase offers a free REST API for searching vulnerabilities, retrieving CVE details, and batch enrichment with EPSS scores, CISA KEV status, and exploit availability. Authenticated users get 100 requests per day.
Not affiliated with cvebase.com
cvebase.io is an independent project and is not affiliated with, endorsed by, or connected to cvebase.com or the "cvebase" GitHub organization. These are completely separate projects built by different people.
cvebase.io is a semantic search engine for security data. We chose the name independently — "CVE" + "base" is a natural combination for a vulnerability database. Any similarity in naming is coincidental.
Contact
For questions, feedback, or partnership inquiries, reach out at [email protected].