cve-research

Research CVEs and security advisories for project dependencies. Uses Exa, NVD API, OSV.dev, and GitHub Advisory Database to find known vulnerabilities.

Stars: 13
Source: fusengine/agents
Updated: 2026-05-17
Slug: fusengine--agents--cve-research

// install — copy + paste into any project

mkdir -p .claude/skills && curl -fsSL https://raw.githubusercontent.com/fusengine/agents/HEAD/plugins/security-expert/skills/cve-research/SKILL.md -o .claude/skills/cve-research.md

Drops the SKILL.md into .claude/skills/cve-research.md. Works with Claude Code, Cursor, and any agent that loads SKILL.md files from .claude/skills/.

CVE Research Skill

Overview

Research known vulnerabilities for project dependencies using multiple sources.

Data Sources

| Source | API | Coverage |
|---|---|---|
| NVD | nvd.nist.gov/vuln/api | All CVEs |
| OSV.dev | api.osv.dev | npm, PyPI, Go, crates, Maven |
| GitHub Advisory | github.com/advisories | npm, pip, composer, cargo |
| Exa Search | Via MCP | Real-time web search |

Workflow

  1. Extract dependencies from project (package.json, etc.)
  2. Query each source for known CVEs
  3. Cross-reference findings across sources
  4. Prioritize by CVSS score and exploitability
  5. Report with fix versions and workarounds

Query Strategy

For each dependency:

  1. Search OSV.dev first (fastest, most accurate for packages)
  2. Cross-check NVD for CVSS scoring
  3. Use Exa for recent advisories not yet in databases
  4. Check GitHub Advisory for maintainer responses

Severity Mapping

| CVSS Score | Severity | Action |
|---|---|---|
| 9.0 - 10.0 | CRITICAL | Fix immediately |
| 7.0 - 8.9 | HIGH | Fix before merge |
| 4.0 - 6.9 | MEDIUM | Plan fix |
| 0.1 - 3.9 | LOW | Document |
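
An added example (not part of the fusengine skill itself) of workflow steps 3 and 4 with the severity mapping applied: it merges OSV.dev-style records that share a CVE alias, takes the base score from an NVD-style response, and sorts the findings worst first. All records and ids are constructed placeholders, and the `UNSCORED` band for findings that have no NVD score is an assumption that is not on the page.

```python
# Added example. All records below are constructed; ids are placeholders.
OSV_SAMPLE = [  # shaped like OSV.dev vulnerability objects
    {"id": "GHSA-aaaa-aaaa-aaaa", "aliases": ["CVE-0000-0001"], "affected": [
        {"ranges": [{"events": [{"introduced": "0"}, {"fixed": "2.4.1"}]}]}]},
    {"id": "CVE-0000-0001", "affected": [  # same issue reported under its CVE id
        {"ranges": [{"events": [{"introduced": "3.0.0"}, {"fixed": "3.0.2"}]}]}]},
    {"id": "GHSA-bbbb-bbbb-bbbb", "aliases": ["CVE-0000-0002"], "affected": [
        {"ranges": [{"events": [{"introduced": "0"}, {"fixed": "1.9.0"}]}]}]},
    {"id": "GHSA-cccc-cccc-cccc", "affected": []},  # no CVE yet, no fix published
]
NVD_SAMPLE = {"vulnerabilities": [  # shaped like an NVD CVE API 2.0 response
    {"cve": {"id": "CVE-0000-0001", "metrics": {"cvssMetricV31": [
        {"cvssData": {"baseScore": 9.8}}]}}},
    {"cve": {"id": "CVE-0000-0002", "metrics": {"cvssMetricV31": [
        {"cvssData": {"baseScore": 5.3}}]}}},
]}
# The page's severity table: (lowest score in band, severity, action).
BANDS = [(9.0, "CRITICAL", "Fix immediately"), (7.0, "HIGH", "Fix before merge"),
         (4.0, "MEDIUM", "Plan fix"), (0.1, "LOW", "Document")]

def classify(score):
    """Map a CVSS base score to the (severity, action) pair from the table."""
    for floor, severity, action in BANDS:
        if score is not None and score >= floor:
            return severity, action
    return "UNSCORED", "Review manually"  # assumption: band not on the page

def nvd_scores(nvd_response):
    """Return {CVE id: highest CVSS v3.1 base score} from an NVD response."""
    scores = {}
    for item in nvd_response.get("vulnerabilities", []):
        metrics = item["cve"].get("metrics", {}).get("cvssMetricV31", [])
        if metrics:
            scores[item["cve"]["id"]] = max(m["cvssData"]["baseScore"] for m in metrics)
    return scores

def triage(osv_vulns, nvd_response):
    """Merge OSV records that share a CVE id, score them, sort worst first."""
    scores, findings = nvd_scores(nvd_response), {}
    for vuln in osv_vulns:
        ids = [vuln["id"], *vuln.get("aliases", [])]
        key = next((i for i in ids if i.startswith("CVE-")), vuln["id"])
        severity, action = classify(scores.get(key))
        entry = findings.setdefault(key, {"id": key, "score": scores.get(key),
            "severity": severity, "action": action, "fixed": set()})
        entry["fixed"] |= {e["fixed"] for a in vuln.get("affected", [])
            for r in a.get("ranges", []) for e in r.get("events", []) if "fixed" in e}
    return sorted(findings.values(), reverse=True,
                  key=lambda f: -1.0 if f["score"] is None else f["score"])
```

Findings that exist only under a GHSA id, such as a recent advisory that has no CVE yet, land in the unscored band at the end of the list instead of being dropped.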
